CVE-2026-26046

CVE-2026-26046

A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server.

Published Feb 23, 2026

https://moodle.org/mod/forum/discuss.php?d=473315#p1896306 https://access.redhat.com/security/cve/CVE-2026-26046 https://bugzilla.redhat.com/show_bug.cgi?id=2440903

CVSS ScoreHigh

8.6

Vulnerabilities

CVE-2026-26046

Published Feb 23, 2026

https://moodle.org/mod/forum/discuss.php?d=473315#p1896306 https://access.redhat.com/security/cve/CVE-2026-26046 https://bugzilla.redhat.com/show_bug.cgi?id=2440903

CVSS ScoreHigh

8.6

CVE-2026-26046 Security Details

CVE ID: CVE-2026-26046
CWE: CWE-78
CVE Description: A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server.
Published: Feb 23, 2026
CVSS Score & Severity: 8.6High
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score: 0.171%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Affected Ecosystems: affected
Source: National Vulnerability Database
References: https://moodle.org/mod/forum/discuss.php?d=473315#p1896306PROJECT
https://access.redhat.com/security/cve/CVE-2026-26046THIRD_PARTY
https://bugzilla.redhat.com/show_bug.cgi?id=2440903THIRD_PARTY

CVE-2026-26046 Security Details

CVE ID: CVE-2026-26046
CWE: CWE-78
CVE Description: A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server.
Published: Feb 23, 2026
CVSS Score & Severity: 8.6High
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score: 0.171%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Affected Ecosystems: affected
Source: National Vulnerability Database
References: https://moodle.org/mod/forum/discuss.php?d=473315#p1896306PROJECT
https://access.redhat.com/security/cve/CVE-2026-26046THIRD_PARTY
https://bugzilla.redhat.com/show_bug.cgi?id=2440903THIRD_PARTY

Find vulnerabilities. Fix fast with AI.

CVE-2026-26046

CVE-2026-26046 Security Details

CVE-2026-26046 Security Details