CVE-2026-2997

MEDIUM 5.4

WisdomGarden｜Tronclass - Insecure Direct Object Reference

CVSS Score

5.4

EPSS Score

0.0%

EPSS Percentile

0th

Tronclass developed by WisdomGarden has a Insecure Direct Object Reference vulnerability. After obtaining a course ID, authenticated remote attackers to modify a specific parameter to obtain a course invitation code, thereby joining any course.

CWE	CWE-639
Vendor	wisdomgarden
Product	tronclass
Published	Feb 23, 2026
Last Updated	Feb 23, 2026

Stay Ahead of the Next One

Get instant alerts for wisdomgarden tronclass

Be the first to know when new medium vulnerabilities affecting wisdomgarden tronclass are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

WisdomGarden / Tronclass

0 ≤ 1.74

References

NVD ↗ CVE.org ↗ EPSS Data ↗

twcert.org.tw: https://www.twcert.org.tw/tw/cp-132-10720-ecdfd-1.html twcert.org.tw: https://www.twcert.org.tw/en/cp-139-10721-276b6-2.html