CVE-2026-26045

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-26045
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-26045.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-26045
Aliases
Downstream
Published
2026-02-21T06:16:58.867Z
Modified
2026-03-02T09:40:58.909355Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
6b4d33a98f43ac19f1a37952467c8fbc722d0bdb
Introduced
78e860178314c45441a21e0b99455400b8283d48
Fixed
e1c3872f65bf261ecfe3cf7d171f98580f209089
Introduced
eb47eff0719455a7e1f7a9805bc75dad3f6b3995
Fixed
ac802ad8043e957fc8d6b9dfba4bb60f20949959

Affected versions

v5.*
v5.0.0
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.1.0
v5.1.0-beta
v5.1.0-rc1
v5.1.0-rc2
v5.1.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-26045.json"