CVE-2026-26046
Received Received - Intake
Command Injection in Moodle TeX Filter Allows Server Compromise

Publication date: 2026-02-21

Last updated on: 2026-02-26

Assigner: Fedora Project

Description
A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-21
Last Modified
2026-02-26
Generated
2026-06-16
AI Q&A
2026-02-21
EPSS Evaluated
2026-06-14
NVD
CVE-2026-26046
EUVD
EUVD-2026-7389
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
moodle moodle to 4.5.9 (exc)
moodle moodle From 5.0.0 (inc) to 5.0.5 (exc)
moodle moodle From 5.1.0 (inc) to 5.1.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-26046 is an OS Command Injection vulnerability found in Moodle's TeX filter administrative configuration. It occurs because the input provided by a site administrator to configure the TeX filter is not properly sanitized before being processed by external utilities like ImageMagick."}, {'type': 'paragraph', 'content': 'This means that if an attacker has administrative access, they can enter specially crafted input that causes unintended system commands to be executed on the server running Moodle.'}] [1]

Impact Analysis

Exploitation of this vulnerability requires administrative privileges, but if successfully exploited, it can lead to full compromise of the Moodle server.

  • Unauthorized access to sensitive data stored on the server.
  • Disruption of Moodle services, potentially causing downtime.
  • Execution of arbitrary system commands, which could be used to install malware or further penetrate the network.
Compliance Impact

I don't know

Detection Guidance

Detection of this vulnerability involves checking if the Moodle TeX filter is enabled and if ImageMagick is installed on the server. Since exploitation requires administrative privileges and involves command injection via configuration input, monitoring for unusual or unauthorized changes in the TeX filter settings can help identify potential exploitation attempts.

There are no specific commands provided in the available resources to detect exploitation or presence of the vulnerability directly.

Mitigation Strategies

Immediate mitigation steps include disabling the Moodle TeX filter if it is not required, or restricting administrative access to trusted users only to prevent malicious configuration input.

Additionally, ensure that the Moodle installation is updated with any patches or fixes addressing this vulnerability once they become available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26046. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart