CVE-2026-26046

{"id": "CVE-2026-26046", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2026-02-21T06:17:00.203", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-26046", "tags": ["Third Party Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440903", "tags": ["Third Party Advisory"], "source": "patrick@puiterwijk.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en una configuraci\u00f3n administrativa del filtro TeX de Moodle donde una sanitizaci\u00f3n insuficiente de la entrada de configuraci\u00f3n podr\u00eda permitir la inyecci\u00f3n de comandos. En sitios donde el filtro TeX est\u00e1 habilitado e ImageMagick est\u00e1 instalado, un valor de configuraci\u00f3n maliciosamente elaborado introducido por un administrador podr\u00eda resultar en la ejecuci\u00f3n no intencionada de comandos del sistema. Si bien la explotaci\u00f3n requiere privilegios administrativos, un compromiso exitoso podr\u00eda afectar a todo el servidor Moodle."}], "lastModified": "2026-02-26T19:46:57.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80B1995C-45EB-41E5-A497-D565964750A1", "versionEndExcluding": "4.5.9"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CDB0968-2E2B-4C2F-BF59-9479D1EEC287", "versionEndExcluding": "5.0.5", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36833D08-9C77-48B1-9240-7F326F5BB1CC", "versionEndExcluding": "5.1.2", "versionStartIncluding": "5.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}