CVE-2026-30368

MEDIUM 5.4

CVSS Score

5.4

EPSS Score

0.0%

EPSS Percentile

9th

A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorization tokens, leading to unauthorized control and monitoring of student devices.

CWE	CWE-863
Vendor	lightspeed
Product	lightspeed classroom
Published	Apr 24, 2026
Last Updated	Apr 27, 2026

Stay Ahead of the Next One

Get instant alerts for lightspeed lightspeed classroom

Be the first to know when new medium vulnerabilities affecting lightspeed lightspeed classroom are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

Lightspeed / Lightspeed Classroom

5.1.2.1763770643

References

NVD ↗ CVE.org ↗ EPSS Data ↗

tasty-hovercraft-9b9.notion.site: https://tasty-hovercraft-9b9.notion.site/Enabling-Unauthorized-Remote-Control-of-Student-Devices-with-Lightspeed-Classroom-2ec5157f5b4a800c9eefc5526479820a incognitotgt.me: https://www.incognitotgt.me/blog/lightspeed github.com: https://github.com/truekas/ls-poc