CVE-2026-24664
Published: 03 February 2026
Summary
CVE-2026-24664 is a medium-severity Observable Response Discrepancy (CWE-204) vulnerability in Gunet Open Eclass Platform. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials (T1589.001); ranked at the 27.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-5240
Vulnerability details
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a username enumeration vulnerability allows unauthenticated attackers to identify valid user accounts by analyzing differences in the login response behavior. This…
more
issue has been patched in version 4.2.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Username enumeration via login response differences directly enables gathering valid account identities (T1589.001) and facilitates subsequent brute-force or credential-stuffing attempts (T1110).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.