CVE-2026-33698

CRITICAL

Chamilo LMS affected by unauthenticated RCE in main/install folder

Title source: cna

Description

Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals with the main/install/ directory still present and read-accessible. This vulnerability is fixed in 1.11.38.

References (2)

Scores

CVSS v3 9.8
EPSS 0.0008
EPSS Percentile 24.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-552
Status published
Products (2)
chamilo/chamilo-lms < 1.11.38
chamilo/chamilo_lms < 1.11.38
Published Apr 10, 2026
Tracked Since Apr 11, 2026