CVE-2026-26045

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-26045
A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/security/cve/CVE-2026-26045 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2440901 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
History

26 Feb 2026, 19:47

Type Values Removed Values Added
CPE cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
First Time Moodle moodle
Moodle
References () https://access.redhat.com/security/cve/CVE-2026-26045 - () https://access.redhat.com/security/cve/CVE-2026-26045 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2440901 - () https://bugzilla.redhat.com/show_bug.cgi?id=2440901 - Third Party Advisory
Summary
  • (es) Se identificó una vulnerabilidad en la funcionalidad de restauración de copias de seguridad de Moodle donde los archivos de copia de seguridad especialmente diseñados no se validaban correctamente durante el procesamiento. Si se restaura un archivo de copia de seguridad malicioso, podría conducir a la ejecución no intencionada de código del lado del servidor. Dado que las capacidades de restauración suelen estar disponibles para usuarios privilegiados, la explotación requiere acceso autenticado. Una explotación exitosa podría resultar en el compromiso total del servidor Moodle.

21 Feb 2026, 06:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-21 06:16

Updated : 2026-02-26 19:47

NVD link : CVE-2026-26045

Mitre link : CVE-2026-26045

CVE.ORG link : CVE-2026-26045

JSON object : View

Products Affected

moodle

  • moodle
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')