CVE-2026-26047
Denial-of-Service in Moodle TeX Editor via mimetex Resource Exhaustion
Publication date: 2026-02-21
Last updated on: 2026-02-26
Assigner: Fedora Project
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| moodle | moodle | to 4.5.9 (exc) |
| moodle | moodle | From 5.0.0 (inc) to 5.0.5 (exc) |
| moodle | moodle | From 5.1.0 (inc) to 5.1.2 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-26047 is a denial-of-service (DoS) vulnerability in Moodle's TeX formula editor. It occurs because the mimetex component, which renders TeX content, does not have sufficient execution time limits. This allows an authenticated user to submit specially crafted TeX formulas that consume excessive server resources, particularly CPU time.

As a result, the Moodle server's performance can degrade significantly or the service can be completely interrupted. [1]
How can this vulnerability impact me?
This vulnerability can impact you by causing a denial of service on your Moodle instance. An authenticated user can exploit it to consume excessive CPU resources, leading to severe performance degradation or a complete outage of the Moodle service.
While the confidentiality and integrity of your system are not affected, the availability of the Moodle platform is at risk, potentially disrupting access for legitimate users.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the Moodle server for unusually high CPU usage or performance degradation when rendering TeX formulas using the mimetex component.

Commands to help detect this issue include checking running processes and CPU usage on the server during TeX rendering, for example:

- Use `top` or `htop` to monitor CPU usage in real-time.
- Use `ps aux --sort=-%cpu | head` to identify processes consuming the most CPU.
- Check Moodle logs for any errors or slow responses related to TeX rendering. [1]
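The process check described above, as an added example that is not part of the original page or of Moodle's code: it filters `ps` output for mimetex renderer processes that have been running longer than a threshold. The `mimetex` process-name prefix, the 10-second default and the sample `ps` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag long-running mimetex renderer processes.
# Assumptions (not from the advisory): the renderer's process name starts
# with "mimetex", and a normal formula render finishes well within
# MAX_SECONDS.

MAX_SECONDS=${MAX_SECONDS:-10}

# Reads "PID ELAPSED_SECONDS %CPU COMMAND" lines on stdin and prints one line
# per mimetex process that has been running longer than the limit in $1.
flag_mimetex() {
    awk -v limit="$1" '
        NF >= 4 && $2 ~ /^[0-9]+$/ && $4 ~ /^mimetex/ && $2 + 0 > limit + 0 {
            printf "pid=%s elapsed=%ss cpu=%s%% cmd=%s\n", $1, $2, $3, $4
        }'
}

# Constructed sample of `ps -eo pid=,etimes=,pcpu=,comm=` output (procps-ng).
sample_ps() {
    cat <<'EOF'
  812   86400  0.3 apache2
 4410       1 12.0 mimetex.linux
 4417     142 99.7 mimetex.linux
 4423      37 98.9 mimetex.linux
 4500     900  1.1 php-fpm8.2
EOF
}

# Demonstration on the constructed sample. For a live check, run:
#   ps -eo pid=,etimes=,pcpu=,comm= | flag_mimetex "$MAX_SECONDS"
sample_ps | flag_mimetex "$MAX_SECONDS"
```

Run from cron or a monitoring agent, a non-empty result is the signal to alert on; the threshold should be tuned to how long legitimate formulas take to render on the server.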
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or disabling the use of the TeX formula editor or mimetex component until a patch or update is applied.
Additionally, limit authenticated user permissions to reduce the risk of abuse and monitor server resource usage closely to detect and respond to potential exploitation attempts.
Applying any available updates or patches from Moodle that address this vulnerability is also critical.