HarborGuard / CVE
Back to search
HIGHCVE-2026-26046Published Modified CNA fedora

CVE-2026-26046: Moodle: moodle: improper input sanitization in tex filter administration setting

A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server.

Metrics

CVSS v3.1
7.2
Severity
HIGH
Fixed in
4.5.9
Affected Products
1

Fix available

4.5.95.0.55.1.2
Affected packages
  • unknown
    < 4.5.9 (from 0) · < 5.0.5 (from 5.0.0) · < 5.1.2 (from 5.1.0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References