AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-25962: MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs curren

mediumvulnerability

security

Source: NVD/CVE DatabaseMarch 5, 2026CVE-2026-25962

Summary

MarkUs is a web application used for collecting and grading student assignments. Before version 2.9.4, the software had a vulnerability where it extracted zip files (compressed file archives) without limiting their size or the number of files inside them, which could allow someone to cause problems by uploading extremely large or numerous files. This vulnerability has been patched in version 2.9.4.

Solution / Mitigation

Update MarkUs to version 2.9.4 or later, as the issue has been patched in this version.

Vulnerability Details

CVSS Score

6.5(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-409

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-25962

First tracked: March 6, 2026 at 03:07 AM

Classified by LLM (prompt v3) · confidence: 95%