Multiple Critical Vulnerabilities Discovered in Moodle Including RCE and SQL Injection

Multiple vulnerabilities were discovered in Moodle on 29 April 2026, as reported by CERT-FR. The flaws include the potential for remote arbitrary code execution, SQL injection (SQLi), and Cross-Site Request Forgery (CSRF) via illegitimate request rebounding. No specific CVE identifiers, affected versions, or technical exploitation details were provided in the notice. The vulnerabilities enable attackers to compromise systems by executing unauthorized actions or manipulating database queries. The advisory originates from the French government's cybersecurity agency (ANSSI). No mitigation steps or patches were explicitly mentioned in the reported content.