cvedb.io
CVE-2026-26046
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2026-02-21T06:17:00.203 · Last modified 2026-06-17T10:25:38.547

Summary

A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server.

Affected products

moodle — moodle

Does this affect you?

Add your gear to cvedb and we'll alert you only when moodle ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.