HIGHCVE-2026-26045Published Modified CNA fedora
CVE-2026-26045: Moodle: moodle: improper validation in file restore functionality leading to remote code execution
A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server.
Metrics
- CVSS v3.1
- 7.2
- Severity
- HIGH
- Fixed in
- 4.5.9
- Affected Products
- 1
Fix available
4.5.95.0.55.1.2
Affected packages
- unknown< 4.5.9 (from 0) · < 5.0.5 (from 5.0.0) · < 5.1.2 (from 5.1.0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HReferences