CVE-2026-32097
Published: 11 March 2026
Summary
CVE-2026-32097 is a high-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability in Harvard Pingpong. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 22.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly enforces approved authorizations for file access, preventing authenticated users from retrieving or deleting files outside their intended scope.
Prompt identification, reporting, and correction of flaws like this authorization bypass ensures timely patching to version 7.27.2.
Principle of least privilege limits the access of low-privilege authenticated users, reducing the potential impact of authorization bypass exploitation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Authorization bypass enables file retrieval (T1005) and deletion (T1485) by authenticated users; exploitation requires valid low-privilege accounts (T1078) against a public-facing application (T1190).
NVD Description
PingPong is a platform for using large language models (LLMs) for teaching and learning. Prior to 7.27.2, an authenticated user may be able to retrieve or delete files outside the intended authorization scope. This issue could result in retrieval or deletion of private files, including user-uploaded files and model-generated output files. Exploitation required authentication and permission to view at least one thread for retrieval, and authentication and permission to participate in at least one thread for deletion. This vulnerability is fixed in 7.27.2.
Deeper analysis
CVE-2026-32097 is an authorization bypass vulnerability (CWE-639) affecting the PingPong platform, an open-source tool for using large language models (LLMs) in teaching and learning environments. In versions prior to 7.27.2, the platform fails to properly enforce file access controls, allowing authenticated users to retrieve or delete files beyond their intended authorization scope. This includes private files such as user-uploaded content and model-generated outputs. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts.
An attacker with a low-privilege authenticated account can exploit this issue over the network with low complexity and no user interaction required. For file retrieval, the attacker needs only permission to view at least one thread; for deletion, permission to participate in at least one thread suffices. Successful exploitation enables unauthorized access to or destruction of sensitive files belonging to other users, potentially leading to data theft or disruption in shared LLM-based educational workflows.
The GitHub security advisory (GHSA-4wwr-5wq7-mgm4) confirms the issue is fully resolved in PingPong version 7.27.2 and recommends immediate upgrades for all prior installations. No additional workarounds are specified, so patching is the primary mitigation.
This vulnerability is particularly relevant to AI/ML deployments in educational settings, as PingPong handles LLM-generated outputs that may contain proprietary or sensitive data. No public evidence of real-world exploitation has been reported as of the CVE publication on 2026-03-11.
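An added illustration (not PingPong's code and not taken from the advisory) of the CWE-639 pattern and the object-level check that closes it. It assumes one shape consistent with the preconditions above, where the caller's thread permission is checked but the supplied file ID is never tied to that thread; `Store`, its fields and the sample data are hypothetical and constructed.

```python
from dataclasses import dataclass, field

VIEW, PARTICIPATE = "view", "participate"

class Forbidden(Exception):
    """Caller is not authorized for the requested object."""

@dataclass
class Store:
    # Hypothetical in-memory model, not PingPong's schema.
    thread_files: dict = field(default_factory=dict)  # thread_id -> {file_id}
    grants: dict = field(default_factory=dict)        # (user, thread_id) -> {perm}
    blobs: dict = field(default_factory=dict)         # file_id -> bytes

    def _require(self, user, thread_id, perm):
        if perm not in self.grants.get((user, thread_id), set()):
            raise Forbidden(f"{user} lacks {perm} on {thread_id}")

    def _require_bound(self, thread_id, file_id):
        # Same error for unknown and foreign IDs, so IDs cannot be probed.
        if file_id not in self.thread_files.get(thread_id, set()):
            raise Forbidden("file is not part of this thread")

    def get_file_weak(self, user, thread_id, file_id):
        # CWE-639 shape: the thread is authorized, but the caller-supplied
        # file_id is looked up globally without checking it belongs there.
        self._require(user, thread_id, VIEW)
        return self.blobs[file_id]

    def get_file(self, user, thread_id, file_id):
        self._require(user, thread_id, VIEW)
        self._require_bound(thread_id, file_id)
        return self.blobs[file_id]

    def delete_file(self, user, thread_id, file_id):
        # Deletion needs the stronger permission and the same binding check.
        self._require(user, thread_id, PARTICIPATE)
        self._require_bound(thread_id, file_id)
        self.thread_files[thread_id].discard(file_id)
        del self.blobs[file_id]

def demo_store():
    # Constructed sample data: two threads, each with one private file.
    return Store(
        thread_files={"t1": {"f1"}, "t2": {"f2"}},
        blobs={"f1": b"alice notes", "f2": b"bob private output"},
        grants={("alice", "t1"): {VIEW, PARTICIPATE},
                ("bob", "t2"): {VIEW, PARTICIPATE},
                ("carol", "t1"): {VIEW}},
    )
```

The same binding check can double as a detection point: a `Forbidden` raised by `_require_bound` for an authenticated user is worth logging, since normal clients only request file IDs that belong to the thread they are viewing.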
Details
- CWE(s)