AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2024-53260: Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first a

mediumvulnerability

security

Source: NVD/CVE DatabaseNovember 27, 2024CVE-2024-53260

Summary

Autolab, a course management system for auto-graded programming assignments, has a vulnerability where students can insert spreadsheet formulas (like those used in Excel) into their first or last names. When instructors download and open the course roster, these formulas execute and can leak student information by sending it to remote servers. The vulnerability has been patched in the source code repository.

Solution / Mitigation

According to the source, users are advised to manually patch their systems or wait for the next release. The fix is expected to be released in the next version. No known workarounds are available.

Vulnerability Details

CVSS Score

6.8(medium)

EPSS (30-day exploit probability)

EPSS: 0.4%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-1236

Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-53260

First tracked: February 15, 2026 at 08:37 PM

Classified by LLM (prompt v3) · confidence: 95%