CVE-2026-10167: OUSL-GROUP-BrinaryBrains School Student Management System Improper Authentication

The National Vulnerability Database (NVD) has detailed CVE-2026-10167, a high-severity improper authentication vulnerability in OUSL-GROUP-BrinaryBrains School Student Management System, affecting versions up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. The flaw resides in the sign_auth_cookie function within application/controllers/Login.php of the MY_Controller component. Attackers can manipulate the role argument to bypass authentication, enabling remote access.

This vulnerability carries a CVSS v3.1 score of 7.3 (High), indicating a significant risk. The attack requires no privileges or user interaction, making it highly exploitable. The NVD notes that public exploit code is available, dramatically increasing the likelihood of active exploitation. The vendor, OUSL-GROUP-BrinaryBrains, has reportedly been informed but has not yet responded or provided a fix, leaving affected systems exposed.

Given the public exploit and lack of vendor response, any organization using this specific Student Management System is at immediate risk. This isn’t theoretical; it’s a direct path to unauthorized access. Defenders need to recognize that public exploits transform vulnerabilities from potential threats into active attack vectors, making rapid mitigation critical.

What This Means For You

  • If your organization uses OUSL-GROUP-BrinaryBrains School Student Management System, specifically versions up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6, you must assume compromise. Immediately identify all instances of this system. Given the lack of a patch and public exploit, the only viable short-term mitigation is to isolate or take the system offline if business operations allow, or implement strict network access controls to limit exposure to trusted sources only. Audit logs for any suspicious authentication attempts or unauthorized access.

🛡️ Detection Rules

Sigma YAML
title: 'CVE-2026-10167: OUSL-GROUP Improper Authentication via role parameter manipulation'
id: scw-2026-05-31-ai-1
status: experimental
level: critical
description: |
  Detects attempts to exploit CVE-2026-10167 by targeting the sign_auth_cookie function in Login.php.
  The exploit involves manipulating the 'role' parameter. This rule looks for POST requests to the
  vulnerable controller with the 'role' parameter present in the query string. A 'role' value sent
  only in the POST body does not appear in standard webserver access logs and is not covered.
author: SCW Feed Engine (AI-generated)
date: 2026-05-31
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-10167/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/application/controllers/Login.php'
    cs-uri-query|contains:
      - 'role='
    cs-method: 'POST'
  condition: selection
falsepositives:
  - Legitimate administrative activity
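The selection above, applied to W3C extended-format access logs in plain Python, as an added example (not part of the original rule or the SCW feed). The log excerpt is constructed for illustration; the field layout and addresses are assumptions, and `cs-uri` in the rule is mapped to the W3C `cs-uri-stem` column here.

```python
# Constructed W3C extended-format access-log excerpt (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2026-05-31 08:20:01 203.0.113.10 POST /application/controllers/Login.php role=admin 302
2026-05-31 08:20:05 203.0.113.11 GET /application/controllers/Login.php role=admin 200
2026-05-31 08:20:09 203.0.113.12 POST /application/controllers/Login.php user=bob&role=1 302
2026-05-31 08:20:12 203.0.113.13 POST /index.php/login - 200
"""


def parse_w3c(text):
    """Yield one dict per data line, keyed by the names in the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()  # W3C columns are space-separated; '-' marks an empty value
        if len(values) != len(fields):
            continue  # skip malformed lines rather than mis-align columns
        yield dict(zip(fields, values))


def matches_rule(rec):
    """Mirror the Sigma selection: POST to Login.php with 'role=' in the query string.

    The rule's cs-uri is assumed to correspond to cs-uri-stem (W3C logs split stem
    and query). A 'role' value carried only in the POST body never reaches this
    log field, so such requests are not matched; that gap is inherent to the rule.
    """
    return (
        rec.get("cs-method") == "POST"
        and "/application/controllers/Login.php" in rec.get("cs-uri-stem", "")
        and "role=" in rec.get("cs-uri-query", "")
    )


def scan(text):
    """Return (c-ip, cs-uri-query) for every request that matches the selection."""
    return [(r["c-ip"], r["cs-uri-query"]) for r in parse_w3c(text) if matches_rule(r)]


if __name__ == "__main__":
    for src, query in scan(SAMPLE_LOG):
        print(f"match: {src} {query}")
```

Run against the constructed excerpt, only the two POST requests carrying `role=` in the query string match; the GET request and the POST with no `role` parameter do not.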

Source: Shimi's Cyber World

Indicators of Compromise

ID | Type | Indicator
CVE-2026-10167 | Auth Bypass | OUSL-GROUP-BrinaryBrains School Student Management System up to commit 1e70e5ad1125b86dca4ee086eb6bb121f17708b6
CVE-2026-10167 | Auth Bypass | Vulnerable function: sign_auth_cookie in application/controllers/Login.php
CVE-2026-10167 | Auth Bypass | Vulnerable component: MY_Controller
CVE-2026-10167 | Auth Bypass | Manipulation of argument: role, leading to improper authentication
Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 31, 2026 at 08:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
