CVE-2026-26046

HIGH

Moodle TeX Filter - Command Injection

Title source: llm

Description

A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server.

References (2)

Scores

CVSS v3 7.2
EPSS 0.0018
EPSS Percentile 38.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-78
Status published

Affected Products (1)

moodle/moodle < 4.5.9

Timeline

Published Feb 21, 2026
Tracked Since Feb 21, 2026