CVE-2026-25811
Severity: CRITICAL; WAF coverage: Low
CVSS 9.1
Published: 2026-02-09
CWE-863
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access.
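The pattern described above, next to a checked alternative, as an added illustration that is not taken from PlaciPy's code. The function names, the registry layout and the sample domains are hypothetical, and the checked version assumes the email address itself has already been confirmed.

```python
# Added illustration; not PlaciPy source. All names and data are hypothetical.

# Constructed registry: email domain -> (tenant_id, ownership_verified).
# In a real deployment this would be populated by an onboarding process
# in which the institution proves control of the domain.
VERIFIED_DOMAINS = {
    "alpha-college.example": ("tenant-alpha", True),
    "beta-institute.example": ("tenant-beta", False),  # claimed, never verified
}


class TenantResolutionError(Exception):
    """Raised when an email cannot be mapped to a verified tenant."""


def _domain_of(email: str) -> str:
    """Return the normalised domain part of an email address."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        raise TenantResolutionError("malformed email address")
    return domain.lower().rstrip(".")


def tenant_from_email_unsafe(email: str) -> str:
    """Flawed pattern: the tenant is whatever domain the user supplied."""
    return _domain_of(email)


def tenant_from_email_checked(email: str, registry=VERIFIED_DOMAINS) -> str:
    """Resolve a tenant only for a registered domain with verified ownership.

    Assumption: control of the mailbox was confirmed before this is called.
    """
    domain = _domain_of(email)
    entry = registry.get(domain)
    if entry is None:
        raise TenantResolutionError(f"domain not registered: {domain}")
    tenant_id, verified = entry
    if not verified:
        raise TenantResolutionError(f"domain ownership not verified: {domain}")
    return tenant_id
```

The checked function fails closed: an unregistered or unverified domain raises an error instead of yielding a tenant identifier.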
WAF Coverage Analysis
Incorrect Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| prasklatechnology | placipy | 1.0.0 |
References
- github.com (Mitigation, Vendor Advisory)