← Volver a CVEs
CVE-2026-26045
HIGH7.2
Descripcion
A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server.
Detalles CVE
Puntuacion CVSS v3.17.2
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado2/21/2026
Ultima modificacion2/26/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
moodle:moodle
Debilidades (CWE)
CWE-94
Referencias
https://access.redhat.com/security/cve/CVE-2026-26045(patrick@puiterwijk.org)
https://bugzilla.redhat.com/show_bug.cgi?id=2440901(patrick@puiterwijk.org)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.