A security flaw has been unearthed in the DRC INSIGHT software, a platform widely used for proctoring academic exams. The flaw, tracked as CVE-2026-5756, resides in the Central Office Services (COS) component, which schools typically deploy on local networks to host and distribute testing content to students.
Most concerning for educators and parents is that the flaw allows for unauthenticated configuration changes, and currently, no patch is available.
The root of the issue lies in how the COS component manages its web traffic. It utilizes a “unified API router” that fails to distinguish between public-facing functions, like delivering an exam, and sensitive administrative tasks.
Because there is no meaningful separation between these roles, a specific administrative endpoint—/v0/configuration—is left wide open to anyone on the same network as the server. As the vulnerability note warns, “Any unauthenticated user or compromised device with network access to the server may submit requests that modify the server’s configuration file”.
The system essentially accepts and saves user-supplied JSON payloads without checking if the user is authorized or if the changes are even safe for the server.
An attacker could overwrite storage settings to ensure that sensitive test artifacts, including student responses and audio recordings, are sent to an attacker-controlled server instead of the official DRC destination.
Beyond data theft, the flaw allows for deep traffic manipulation. According to the note, “An attacker could also intercept or manipulate outbound traffic by inserting a malicious httpsProxy setting, causing HTTPS communications… to pass through an attacker-controlled proxy”.
Furthermore, a simple malformed request could trigger a service disruption, preventing the server from starting and effectively halting active student assessments.
With coordination efforts with the vendor proving unsuccessful so far, administrators are left to defend their networks manually. If you are running DRC INSIGHT, the following steps are critical:
- Isolate the Server: Place the COS server on a dedicated, isolated network segment that is strictly off-limits to student and guest networks.
- Firewall the Endpoint: Use host-based or network firewalls to restrict access to the /v0/configuration endpoint, ideally limiting it to localhost or authorized admin IPs.
- Monitor Outbound Traffic: Restrict and monitor outbound connections to ensure data is only moving toward approved DRC infrastructure.
- Verify Integrity: Maintain signed backups of configuration files and verify their integrity before any restoration.
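An added example (not from the vulnerability note or the vendor) for the "Verify Integrity" and outbound-monitoring steps: it checks an HMAC over a backed-up configuration, then diffs the live file against it and flags an httpsProxy entry or a destination host outside an allowlist. Only httpsProxy is a name taken from the article; the other keys, the hosts and the HMAC key are constructed placeholders.

```python
import hashlib
import hmac
import json
from urllib.parse import urlparse

# Constructed sample data. Only "httpsProxy" is named in the article; the other
# keys, the hosts and the HMAC key are placeholders for illustration.
KEY = b"offline-backup-key"
ALLOWED_HOSTS = {"results.vendor.example"}
BASELINE = b'{"port": 8080, "storage": {"uploadUrl": "https://results.vendor.example/up"}}'
TAMPERED = (b'{"port": 8080, "httpsProxy": "http://10.0.0.66:3128", '
            b'"storage": {"uploadUrl": "https://collector.rogue.example/up"}}')

def sign(data: bytes, key: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def flatten(node, path=""):
    """Yield (dotted_path, leaf_value) for every leaf of a parsed JSON document."""
    if isinstance(node, (dict, list)):
        items = node.items() if isinstance(node, dict) else enumerate(node)
        for k, v in items:
            yield from flatten(v, f"{path}.{k}" if path else str(k))
    else:
        yield path, node

def host_of(value):
    try:
        return urlparse(value).hostname if isinstance(value, str) else None
    except ValueError:  # malformed URL, e.g. an unbalanced IPv6 bracket
        return None

def audit(baseline, baseline_sig, live, key, allowed_hosts):
    """Return (path, reason) findings; an empty list means no drift."""
    if not hmac.compare_digest(sign(baseline, key), baseline_sig):
        return [("<baseline>", "signature mismatch, do not restore from it")]
    try:
        now = dict(flatten(json.loads(live)))
    except ValueError:
        return [("<live>", "not valid JSON, service may fail to start")]
    ref = dict(flatten(json.loads(baseline)))
    findings = [(p, "removed") for p in sorted(ref.keys() - now.keys())]
    for path, value in sorted(now.items()):
        if path in ref and ref[path] == value:
            continue
        host = host_of(value)
        reason = ("proxy setting added or changed" if path.split(".")[-1] == "httpsProxy"
                  else f"destination {host} not in allowlist" if host and host not in allowed_hosts
                  else "changed")
        findings.append((path, reason))
    return findings
```

Keep the HMAC key and the signed baseline off the COS server, so a host that can rewrite the configuration cannot also re-sign the backup.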