CVE-2026-26046

High CVSS: 7.2

A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server.

Vendor

Moodle

Product

Moodle

CWE

CWE-78

Yayın Tarihi

2026-02-21 06:17:00

Güncelleme

2026-02-26 19:46:57

Source Identifier

patrick@puiterwijk.org

KEV Date Added

Kategoriler

CWE-78 Moodle HIGH Moodle 2026

Referanslar

https://access.redhat.com/security/cve/CVE-2026-26046 https://bugzilla.redhat.com/show_bug.cgi?id=2440903

Benzer Kayıtlar

Medium

CVE-2026-26047

A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimete…

High

CVE-2026-26045

A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly va…

Medium

CVE-2025-67857

A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs…

High

CVE-2025-67849

A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper sanitization of AI prompt…

High

CVE-2025-67850

A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting (XSS), occurs due to insufficient checks o…

Medium

CVE-2025-67851

A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper esc…