OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment
- Severity: High
Description
A critical Remote Code Execution (RCE) vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. The issue has been fixed.
Recommendation
Update the openlearnx package to the latest compatible version. Version details:
- Affected version(s): < 2.0.3
- Patched version(s): 2.0.3
References
- GHSA-8h25-q488-4hxw
- CVE-2026-41900
- CWE-250
- CWE-284
- CWE-693
- CWE-78
- CWE-94
- CAPEC-310
- OWASP 2021-A1
- OWASP 2021-A3
- OWASP 2021-A6
Related Issues
- paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass - CVE-2026-41679
- paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass - paperclipai - CVE-2026-41679
- FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API - CVE-2026-25895
- FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration - CVE-2026-25894
Tags: npm, openlearnx
Last updated on May 11, 2026


