Home / Vulnerability Intelligence / CVE-2026-30368

CVE-2026-30368 - Vulnerability Analysis

N/a

Last Updated: April 24, 2026

Lightspeed Classroom - Broken Access Control

Published: April 24, 2026Updated: April 24, 2026PoC Available

Overview

Lightspeed Classroom v5.1.2.1763770643 contains a client-side authorization flaw caused by bypassing integrity checks and abusing client-generated authorization tokens, letting unauthenticated attackers impersonate users and control student devices.

Severity & Score

Severity: N/a

Impact

Unauthenticated attackers can impersonate users and gain unauthorized control and monitoring of student devices.

Mitigation

Update to the latest version of Lightspeed Classroom.

References

https://tasty-hovercraft-9b9.notion.site/Enabling-Unauthorized-Remote-Control-of-Student-Devices-with-Lightspeed-Classroom-2ec5157f5b4a800c9eefc5526479820a
https://www.incognitotgt.me/blog/lightspeed

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-30368
Severity: N/a
Type: broken_access_control
Status: rejected

CVSS Metrics

N/A