CVE-2026-26046
CVE-2026-26046
7.2
HighPublished:
Last updated:
Source:patrick@puiterwijk.org
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- High
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server.
References
patrick@puiterwijk.org
https://access.redhat.com/security/cve/CVE-2026-26046patrick@puiterwijk.org
https://bugzilla.redhat.com/show_bug.cgi?id=2440903