Is Moodle affected by CVE-2026-26046?

A command injection vulnerability in Moodle's TeX filter administrative settings could allow authenticated administrators to execute arbitrary commands on servers running affected instances.

CVE-2026-26046

HIGH

2026-02-21 [email protected]

7.2

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:04 vuln.today

CVE Published

Feb 21, 2026 - 06:17 nvd

HIGH 7.2

Description

A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server.

Analysis

Moodle's TeX filter fails to properly sanitize administrative configuration inputs, enabling command injection on systems with ImageMagick installed. An authenticated administrator can inject arbitrary system commands through a malicious TeX filter setting, achieving code execution with the privileges of the Moodle server process. …

Remediation

Within 24 hours: Audit administrative access logs for the TeX filter configuration and restrict admin panel access to trusted networks only. Within 7 days: Disable the TeX filter if not actively used, or implement WAF rules to block suspicious filter configuration requests; document current filter configurations for change tracking. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +36

POC: 0

CVE-2026-26046 vulnerability details – vuln.today

Back

CVE-2026-26046

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-26046

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code