← Back to CVEs
CVE-2026-26046
HIGH7.2
Description
A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server.
CVE Details
CVSS v3.1 Score7.2
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredHIGH
User InteractionNONE
Published2/21/2026
Last Modified2/26/2026
Sourcenvd
Honeypot Sightings0
Affected Products
moodle:moodle
Weaknesses (CWE)
CWE-78
References
https://access.redhat.com/security/cve/CVE-2026-26046(patrick@puiterwijk.org)
https://bugzilla.redhat.com/show_bug.cgi?id=2440903(patrick@puiterwijk.org)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.