Browse all 9 CVE security advisories affecting openedx. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Open edX is an open-source learning management platform used by educational institutions and organizations to deliver online courses. Historically, the platform has been susceptible to various vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with 9 CVEs currently documented. Security researchers have identified common weaknesses in authentication mechanisms, input validation, and access controls. While no major public security incidents have been widely reported, the platform's open nature requires regular security updates and careful configuration to mitigate risks. Organizations implementing Open edX must prioritize security hardening and continuous monitoring to address potential threats and protect sensitive educational data.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-35404 | Open edX Platform has an Open Redirect in Survey Views via Unvalidated redirect_url Parameter — openedx-platformCWE-601 | 4.7 | Medium | 2026-04-06 |
| CVE-2026-34736 | Open edX Platform: Account Activation Bypass via activation_key Exposure in REST API — openedx-platformCWE-287 | 5.3 | Medium | 2026-04-02 |
This page lists every published CVE security advisory associated with openedx. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.