CVE-2026-42860

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N                                    

Vulnerability Description

The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the sync_provider_data endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadata_source. An authenticated user with the Enterprise Admin role can set this field to an arbitrary URL via the SAMLProviderConfigViewSet PATCH endpoint, then trigger a server-side HTTP request by calling sync_provider_data. The fetch in fetch_metadata_xml() passes the URL directly to requests.get() with no scheme enforcement, IP filtering, or timeout. This vulnerability is fixed in 7.0.5.

Vulnerability Details

Published Date

May 05, 2026

Last Modified

May 12, 2026

CWE ID

CWE-918

Source

GitHub

Vendor

pip

Product

edx-enterprise

External References

https://github.com/openedx/edx-enterprise/security/advisories/GHSA-64cv-vxpr-j6vc
https://github.com/advisories/GHSA-64cv-vxpr-j6vc

CVE-2026-42860

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment