CVE Catalog

CVE-2026-41588

Critical
Published: Translated: NVD NIST

Summary

RELATE is a web-based courseware package. Prior to commit 2f68e16, there was a timing attack vulnerability in course/auth.py — check_sign_in_key().

Risk Assessment

This vulnerability could have allowed attackers to perform a timing attack, potentially leading to unauthorized access to the system.

Recommendation

It is recommended to update to the version containing commit 2f68e16 to secure the system against this type of attack.

Original NVD description (English source)

RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue has been patched via commit 2f68e16.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS