CVE Catalog
CVE-2026-40743
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.25%
16th percentile — higher than 16% of all known CVEs
Summary
Versions of Tutor LMS up to 3.9.7 have an issue with unauthenticated access that can lead to broken access control.
Risk Assessment
Organizations may be exposed to unauthorized access to sensitive data or system functions, potentially leading to serious security breaches.
Recommendation
It is recommended to update Tutor LMS to the latest version to mitigate this vulnerability.
Original NVD description (English source)
Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions.

