← back
CVE-2026-30368

CVE-2026-30368

CVSS 5.4 MEDIUMEPSS 0.3%CWE-863
Vexday Risk Score
33Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 5.4EPSS 0.3%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
24 Apr 2026Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorization tokens, leading to unauthorized control and monitoring of student devices.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →