← Volver a CVEs
CVE-2026-31282
CRITICAL9.8
Descripcion
Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado4/13/2026
Ultima modificacion4/14/2026
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-284
Referencias
https://github.com/saykino/CVE-2026-31282(cve@mitre.org)
https://www.totara.com/(cve@mitre.org)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.