CVE-2026-22241
Published: 08 January 2026
Summary
CVE-2026-22241 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Openeclass Openeclass. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003); ranked in the top 19.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Requiring identifiable owners for portable devices reduces the attack surface for unrestricted uploads of dangerous file types via anonymous media.
Dangerous file uploads can be detonated in the chamber to determine malice before any production write or execution occurs.
Prevents unrestricted writing of arbitrary or malicious firmware by keeping hardware write-protect enabled except under tightly controlled manual procedures.
Scans files from external sources on download/open/execute, blocking unrestricted uploads of dangerous file types.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Arbitrary file upload with no validation directly enables web shell deployment (T1505.003) for RCE on the web server.
NVD Description
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an arbitrary file upload vulnerability in the theme import functionality enables an attacker with administrative privileges to upload arbitrary files on…
more
the server's file system. The main cause of the issue is that no validation or sanitization of the file's present inside the zip archive. This leads to remote code execution on the web server. Version 4.2 patches the issue.
Deeper analysisAI
CVE-2026-22241 is an arbitrary file upload vulnerability in the theme import functionality of the Open eClass platform, formerly known as GUnet eClass, a complete course management system. In versions prior to 4.2, the platform performs no validation or sanitization of files contained within uploaded ZIP archives, enabling the placement of arbitrary files on the server's filesystem.
An attacker with administrative privileges can exploit this vulnerability over the network with low attack complexity and no user interaction. Exploitation allows remote code execution on the web server, as reflected in the CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and the associated CWE-434 (Unrestricted Upload of File with Dangerous Type).
Open eClass version 4.2 addresses the vulnerability. Project advisories on GitHub, such as GHSA-gq72-7mwg-424r, GHSA-rf6j-xgqp-wjxg, and the patching commit 3f9d267b79812a4dd708bb1302339e6a5abe67d9, provide further details on the fix, with additional analysis available from TwelveSec.
Details
- CWE(s)