OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment
- Severity: High
Description
A critical Remote Code Execution (RCE) vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. The issue has been fixed.
Recommendation
Update the openlearnx package to the latest compatible version. Version details:
- Affected version(s): < 2.0.3
- Patched version(s): 2.0.3
References
- GHSA-8h25-q488-4hxw
- CVE-2026-41900
- CWE-250
- CWE-284
- CWE-693
- CWE-78
- CWE-94
- CAPEC-310
- OWASP 2021-A1
- OWASP 2021-A3
- OWASP 2021-A6
Related Issues
- LobeHub has a Cross-Site Scripting issue that escalates to Remote Code Execution - CVE-2026-42045
- seroval Affected by Remote Code Execution via JSON Deserialization - CVE-2026-23737
- claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh - CVE-2026-45136
- FUXA Unauthenticated Remote Code Execution via Admin JWT Minting - CVE-2026-25893
- Tags: npm, openlearnx
Last updated on May 11, 2026


