
Moodle CVE-2026-26046

Severity: HIGH (7.2, CVSS 3.1 · NVD)
Weakness: OS Command Injection (CWE-78)
2026-02-21 patrick@puiterwijk.org

Severity by source

NVD (primary): 7.2 HIGH, AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

Lifecycle Timeline

  • Analysis Generated: Mar 12, 2026 - 22:04 (vuln.today)
  • CVE Published: Feb 21, 2026 - 06:17 (nvd), HIGH 7.2

Description (CVE.org)

A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server.

Analysis (AI)

Moodle's TeX filter fails to properly sanitize administrative configuration inputs, enabling command injection on systems with ImageMagick installed. An authenticated administrator can inject arbitrary system commands through a malicious TeX filter setting, achieving code execution with the privileges of the Moodle server process. …


Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Admin accesses TeX filter settings
  • Exploit: Inject malicious shell metacharacters in config value
  • Execution: Moodle passes unsanitized input to ImageMagick
  • Impact: Execute arbitrary system commands

Vulnerability Assessment (AI)

  • Exploitation: The Moodle TeX filter must be enabled, ImageMagick must be installed on the server, and the attacker must possess administrator account credentials to access the filter configuration settings.
  • Risk Assessment: CVSS 7.2 (HIGH). …
  • Exploit Scenario: An attacker (requires authentication) could exploit this vulnerability to achieve command injection.
  • Remediation: Monitor vendor advisories for a patch. …

Recommended Action (AI)

Within 24 hours: Audit administrative access logs for the TeX filter configuration and restrict admin panel access to trusted networks only. …
