Cyber Posture

CVE-2026-24669

Severity: High · Public PoC

Published: 03 February 2026
Modified: 10 February 2026
KEV Added: not listed
Patch: available (Open eClass 4.2)
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (6.3rd percentile)
Risk Priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-24669 is a high-severity Insufficient Session Expiration (CWE-613) vulnerability in Gunet Open Eclass Platform. Its CVSS base score is 7.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Local Accounts (T1078.003). Exploit likelihood (EPSS) ranks at the 6.3rd percentile, below the median; the CVE is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Local Accounts (T1078.003).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: IA-5 (Authenticator Management) requires proper management, expiration, and revocation of authenticators such as password reset tokens, which directly prevents a reset token from being reused after it has been consumed.

Prevent: SI-2 (Flaw Remediation) requires timely patching, ensuring that flaws like this insufficient expiration of password reset tokens are remediated, as Open eClass version 4.2 does.

Detect: AU-12 (Audit Record Generation) produces audit records for credential changes and privileged functions, enabling detection of unauthorized password resets performed through token reuse.

MITRE ATT&CK Enterprise Techniques

T1078.003 Local Accounts (tag: Stealth)
Adversaries may obtain and abuse credentials of a local account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

The insecure password reset token reuse (CWE-613) directly enables unauthorized password changes leading to local account takeover, mapping to Valid Accounts (Local Accounts).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an insecure password reset mechanism allows local attackers to reuse a valid password reset token after it has already been used, enabling unauthorized password changes and potential account takeover. This issue has been patched in version 4.2.

Deeper analysis

CVE-2026-24669 affects the Open eClass platform, formerly known as GUnet eClass, which is a complete course management system. Prior to version 4.2, the platform's password reset mechanism is insecure, allowing local attackers to reuse a valid password reset token even after it has already been used once. This flaw, classified under CWE-613 (Insufficient Session Expiration), enables unauthorized password changes and potential account takeover. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high impact with local access required.

Local attackers with no privileges can exploit this issue by capturing or reusing a previously consumed password reset token, though it requires user interaction such as clicking a malicious link or providing input. Successful exploitation allows the attacker to reset the password of a targeted account, leading to full account takeover with high confidentiality, integrity, and availability impacts.

The issue has been addressed in Open eClass version 4.2. Security practitioners should upgrade to this patched version immediately. Additional details are available in the GitHub security advisory at https://github.com/gunet/openeclass/security/advisories/GHSA-gcqq-fxw6-f866.
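To make the CWE-613 condition described above concrete, the following is an added example written for this page (it is not Open eClass code and is not taken from the advisory): a small Python reset-token store in which `single_use=False` reproduces the reusable-token behaviour, while the default hardened mode invalidates the token on first use, revokes the user's other outstanding tokens, and emits AU-12 style audit records so a reuse attempt can be detected. The 15-minute lifetime and the event names are assumptions.

```python
from __future__ import annotations

import secrets
from dataclasses import dataclass


@dataclass
class ResetToken:
    user: str
    expires_at: float
    used: bool = False


class ResetTokenStore:
    """Password-reset tokens: constructed example, not Open eClass code.

    single_use=False reproduces the CWE-613 behaviour the advisory describes (a
    consumed token stays valid); single_use=True is the hardened form (one use,
    and a successful reset revokes the user's other outstanding tokens).
    Timestamps are passed in explicitly so the expiry logic is testable.
    """

    TTL_SECONDS = 15 * 60  # assumed lifetime; the advisory does not state one

    def __init__(self, single_use: bool = True) -> None:
        self.single_use = single_use
        self._tokens: dict[str, ResetToken] = {}
        self.audit: list[dict] = []  # AU-12 style records for a detection rule

    def issue(self, user: str, now: float) -> str:
        token = secrets.token_urlsafe(32)  # 256 random bits, unguessable
        self._tokens[token] = ResetToken(user, now + self.TTL_SECONDS)
        self.audit.append({"event": "reset_token_issued", "user": user, "at": now})
        return token

    def consume(self, token: str, now: float) -> str | None:
        """Return the user whose password may be reset, or None if rejected."""
        rec = self._tokens.get(token)
        if rec is None:
            self.audit.append({"event": "reset_token_unknown", "at": now})
            return None
        if now > rec.expires_at:
            self.audit.append({"event": "reset_token_expired", "user": rec.user, "at": now})
            return None
        if rec.used:  # only ever set in the hardened mode
            self.audit.append({"event": "reset_token_reuse_rejected", "user": rec.user, "at": now})
            return None
        if self.single_use:
            for r in self._tokens.values():  # marks this token and the user's others
                if r.user == rec.user:
                    r.used = True
        self.audit.append({"event": "password_reset", "user": rec.user, "at": now})
        return rec.user
```

A `reset_token_reuse_rejected` record is the signal a detection rule should alert on, since a legitimate user has no reason to present an already-consumed token.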

Details

CWE(s): CWE-613 (Insufficient Session Expiration)

Affected Products: gunet open eclass platform, ≤ 4.2

CVEs Like This One

CVE-2020-37113 (same product: Gunet Open Eclass Platform)
CVE-2020-37112 (same product: Gunet Open Eclass Platform)
CVE-2026-24773 (same product: Gunet Open Eclass Platform)
CVE-2026-24672 (same product: Gunet Open Eclass Platform)
CVE-2020-37116 (same product: Gunet Open Eclass Platform)
CVE-2026-24665 (same product: Gunet Open Eclass Platform)
CVE-2025-15552 (shared CWE-613)
CVE-2025-59786 (shared CWE-613)
CVE-2026-24912 (shared CWE-613)
CVE-2026-41902 (shared CWE-613)
