CVE-2026-26046 — HIGH (7.2)

Q: How severe is CVE-2026-26046?

CVE-2026-26046 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-26046?

Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle.

Vulnerability Description

A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Moodle	Moodle	< 4.5.9

Related Weaknesses (CWE)

CWE-78

References

https://access.redhat.com/security/cve/CVE-2026-26046Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2440903Third Party Advisory

FAQ

What is CVE-2026-26046?

CVE-2026-26046 is a vulnerability with a CVSS score of 7.2 (HIGH). A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled a...

How severe is CVE-2026-26046?

CVE-2026-26046 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-26046?

Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle.