NIXPKGS-2026-0325

GitHub issue published on

Permalink CVE-2026-26047

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 1 month, 2 weeks ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 2 weeks ago
@LeSuisse removed package moodle-dl 1 month, 2 weeks ago
@LeSuisse accepted 1 month, 2 weeks ago
@LeSuisse published on GitHub 1 month, 2 weeks ago

Moodle: moodle: uncontrolled resource consumption in tex formula editor leading to denial of service

A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade performance or cause service interruption.

References

https://access.redhat.com/security/cve/CVE-2026-26047 x_refsource_REDHATvdb-entry
RHBZ#2440905 issue-trackingx_refsource_REDHAT

Affected products

moodle

<5.1.2
<5.0.5
<4.5.9

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable 5.1.1
- nixpkgs-unstable 5.1.1
- nixos-unstable-small 5.1.1
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

Package maintainers

@freezeboy freezeboy

Upstream advisory: https://moodle.org/mod/forum/discuss.php?d=473316#p1896307

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0325

References

Affected products

Matching in nixpkgs

pkgs.moodle

Package maintainers