CVE-2026-29041

HIGH

Chamilo <1.11.34 - Authenticated RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2026-29041. PoCs published by XiaomingX, kx00007, celeboy711-hue.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-29041, an authenticated RCE vulnerability in Chamilo LMS 1.11.32 due to unrestricted file upload. The PoC demonstrates bypassing MIME-type validation by prepending GIF magic bytes to PHP code, allowing execution of arbitrary commands.

Description

Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads and does not adequately validate file extensions or enforce safe server-side storage restrictions. As a result, an authenticated low-privileged user can upload a crafted file containing executable code and subsequently execute arbitrary commands on the server. This issue has been patched in version 1.11.34.

Exploits (3)

github WORKING POC 10 stars
by XiaomingX · pythonpoc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-29041

This repository contains a functional exploit for CVE-2026-29041, an authenticated RCE vulnerability in Chamilo LMS 1.11.32 due to unrestricted file upload. The PoC demonstrates bypassing MIME-type validation by prepending GIF magic bytes to PHP code, allowing execution of arbitrary commands.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Chamilo LMS 1.11.32
Auth required
Prerequisites: Student-level credentials · Access to the upload endpoint
devstral-2 · analyzed Mar 07, 2026 Full analysis →
nomisec WORKING POC
by kx00007 · poc
https://github.com/kx00007/CVE-2026-29041

This repository contains a functional exploit for CVE-2026-29041, an authenticated RCE vulnerability in Chamilo LMS 1.11.32 due to unrestricted file upload. The exploit bypasses MIME-type validation by prepending GIF magic bytes to PHP code, allowing execution of arbitrary commands via a web shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Chamilo LMS 1.11.32
Auth required
Prerequisites: Student-level authentication credentials · Access to the vulnerable endpoint
devstral-2 · analyzed Mar 19, 2026 Full analysis →
nomisec WORKING POC
by celeboy711-hue · poc
https://github.com/celeboy711-hue/CVE-2026-29041

This repository contains a functional exploit for CVE-2026-29041, an authenticated RCE vulnerability in Chamilo LMS 1.11.32 via unrestricted file upload. The exploit bypasses MIME-type validation by prepending GIF magic bytes to a PHP shell, allowing execution of arbitrary commands.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Chamilo LMS 1.11.32
Auth required
Prerequisites: Student-level credentials · Access to the upload endpoint
devstral-2 · analyzed Mar 06, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 8.8
EPSS 0.0073
EPSS Percentile 49.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-434
Status published
Products (1)
chamilo/chamilo_lms < 1.11.34
Published Mar 06, 2026
Tracked Since Mar 06, 2026