CVE-2026-25811

Vulnerability Description

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access.

Vulnerability Details

Published Date

February 09, 2026

Last Modified

February 10, 2026

CWE ID

CWE-863

Source

NVD

Vendor

Praskla-Technology

Product

assessment-placipy

External References

https://github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA-3gmm-9ww2-87fh

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment