← Retour aux CVEs
CVE-2026-26046
HIGH7.2
Description
A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server.
Details CVE
Score CVSS v3.17.2
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisHIGH
Interaction utilisateurNONE
Publie2/21/2026
Derniere modification2/26/2026
Sourcenvd
Observations honeypot0
Produits affectes
moodle:moodle
Faiblesses (CWE)
CWE-78
References
https://access.redhat.com/security/cve/CVE-2026-26046(patrick@puiterwijk.org)
https://bugzilla.redhat.com/show_bug.cgi?id=2440903(patrick@puiterwijk.org)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.