CVE-2026-26045
HIGH
GHSA-ggxq-2mg9-8966
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Tags
Description
A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server.
Analysis
Moodle's backup restore function fails to properly validate malicious backup files, allowing authenticated administrators to achieve remote code execution through crafted file processing. An attacker with restore privileges can exploit this code injection vulnerability to fully compromise the Moodle server. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Disable backup restore functionality or restrict access to authorized administrators only; audit recent backup restoration activities for anomalies. Within 7 days: Implement strict file validation and sandboxing for all backup processing; conduct security awareness training for staff handling backups. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today