CVE-2026-27807 Markus — Exploit & Vulnerability Details MEDIUM

CVE-2026-27807

MEDIUM CVSS 3.1: 4.9 EPSS 0.04%

Parameter	Value
CVSS	4.9 (MEDIUM)
Fixed In	2.9.4
Type	CWE-776
Vendor	Markus
Public PoC	No

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities (e.g., assignment settings). These YAML files are parsed with aliases enabled.

This issue has been patched in version 2.9.4.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

Low

Легко эксплуатировать

Privileges Required

High

Нужны права администратора

User Interaction

None

Не нужно действие пользователя

Impact Assessment

Confidentiality

None

Нет утечки данных

Integrity

None

Нет модификации данных

Availability

High

Полный отказ в обслуживании

CVSS Vector v3.1

Weakness Type (CWE)

CWE-776

References 2

https://github.com/MarkUsProject/Markus/releases/tag/v2.9.4

security-advisories@github.com

https://github.com/MarkUsProject/Markus/security/advisories/GHSA-m9rx-85mx-q9h6

security-advisories@github.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-25962

Markus

6.5

CVE-2026-28405

Markus

8.0

Menu

CVE-2026-27807

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-25962

CVE-2026-28405

CVE Details

Editor's Choice