CVE-2026-41588
CRITICALDescription
RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue has been patched via commit 2f68e16.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| inducer | relate |
References
Frequently Asked Questions
What is CVE-2026-41588? +
How severe is CVE-2026-41588? +
What products are affected by CVE-2026-41588? +
How do I check if I'm vulnerable to CVE-2026-41588? +
Related Vulnerabilities
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash …
Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 …
SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) …
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash …
PyQuorum is a cryptographic library for secret sharing and key management. Prior to 0.2.1, the mul_mod function implements multiplication via …
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned …