← back
CVE-2026-30368

CVE-2026-30368

CVSS 5.4 MEDIUMEPSS 0.3%CWE-863
A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorization tokens, leading to unauthorized control and monitoring of student devices.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Affected products
Lightspeed · Lightspeed Classroom
public PoCs found1
cve_referencegithub.com/truekas/ls-pocunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/truekas/ls-pochttps://tasty-hovercraft-9b9.notion.site/Enabling-Unauthorized-Remote-Control-of-Student-Devices-with-Lightspeed-Classroom-2ec5157f5b4a800c9eefc5526479820ahttps://www.incognitotgt.me/blog/lightspeed