NIXPKGS-2026-0323

GitHub issue published on

Permalink CVE-2026-26046

7.2 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

updated 1 month, 2 weeks ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 2 weeks ago
@LeSuisse removed package moodle-dl 1 month, 2 weeks ago
@LeSuisse accepted 1 month, 2 weeks ago
@LeSuisse published on GitHub 1 month, 2 weeks ago

Moodle: moodle: improper input sanitization in tex filter administration setting

A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server.

References

https://access.redhat.com/security/cve/CVE-2026-26046 x_refsource_REDHATvdb-entry
RHBZ#2440903 issue-trackingx_refsource_REDHAT

Affected products

moodle

<5.1.2
<5.0.5
<4.5.9

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable 5.1.1
- nixpkgs-unstable 5.1.1
- nixos-unstable-small 5.1.1
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

Package maintainers

@freezeboy freezeboy

Upstream advisory: https://moodle.org/mod/forum/discuss.php?d=473315#p1896306

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0323

References

Affected products

Matching in nixpkgs

pkgs.moodle

Package maintainers