CVE-2026-26047

MEDIUM

Moodle TeX Editor - DoS

Title source: llm

Description

A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade performance or cause service interruption.

References (2)

[Vendor Advisory] https://access.redhat.com/security/cve/CVE-2026-26047

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=2440905

Scores

CVSS v3 6.5

EPSS 0.0009

EPSS Percentile 25.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-400 CWE-770

Status published

Products (2)

moodle/moodle < 4.5.9

moodle/moodle 5.1.0-beta - 5.1.2Packagist

Published Feb 21, 2026

Tracked Since Feb 21, 2026