CVE-2026-26045

Опубликовано: 21 фев. 2026

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server.

Ссылки

https://access.redhat.com/security/cve/CVE-2026-26045
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2440901
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия до 4.5.9 (исключая)

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия от 5.0.0 (включая) до 5.0.5 (исключая)

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия от 5.1.0 (включая) до 5.1.2 (исключая)

EPSS

Процентиль: 26%

0.00094

Низкий

7.2 High

CVSS3

Дефекты

CWE-94

Связанные уязвимости

CVE-2026-26045

CVSS3: 7.2

ubuntu

около 1 месяца назад

CVE-2026-26045

CVSS3: 7.2

debian

около 1 месяца назад

A flaw was identified in Moodle\u2019s backup restore functionality wh ...

GHSA-ggxq-2mg9-8966

CVSS3: 7.2

github

около 1 месяца назад

Moodle has a Remote Code Execution risk via file restore

EPSS

Процентиль: 26%

0.00094

Низкий

7.2 High

CVSS3

Дефекты

CWE-94