CVE-2026-29041

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-29041

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-29041.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-29041

Aliases

GHSA-4pc3-4w2v-vwx8

Published

2026-03-06T03:32:37.563Z

Modified

2026-04-10T05:41:27.425963Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Chamilo: Authenticated Remote Code Execution via Unrestricted File Upload

Details

Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads and does not adequately validate file extensions or enforce safe server-side storage restrictions. As a result, an authenticated low-privileged user can upload a crafted file containing executable code and subsequently execute arbitrary commands on the server. This issue has been patched in version 1.11.34.

Database specific

{
    "cwe_ids": [
        "CWE-434"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29041.json"
}

References

Affected packages

Git / github.com/chamilo/chamilo-lms

Affected ranges

Type: GIT
Repo: https://github.com/chamilo/chamilo-lms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7eb5c84dbd65b950c1ccfbc6b0262d60b04e40b7

Affected versions

Other

CHAMILO_1_8_7_ALPHA_1

CHAMILO_1_8_7_ALPHA_2

CHAMILO_1_8_7_RC2

CHAMILO_1_8_7_RC_1

CHAMILO_1_8_7_STABLE

CHAMILO_1_8_7_STABLE_BIS

CHAMILO_1_8_8_2_RC_1

CHAMILO_1_8_8_2_STABLE

CHAMILO_1_8_8_2_STABLE_2

CHAMILO_1_8_8_4_STABLE

CHAMILO_1_8_8_ALPHA

CHAMILO_1_8_8_BETA_1

CHAMILO_1_8_8_BETA_2

CHAMILO_1_9_0_ALPHA_1

CHAMILO_1_9_0_ALPHA_2

CHAMILO_1_9_0_ALPHA_4

CHAMILO_1_9_0_PRE_ALPHA

CHAMILO_1_9_0_RC_1

CHAMILO_1_9_0_STABLE_2

CHAMILO_1_9_0_STABLE_3

CHAMILO_1_9_2_STABLE

CHAMILO_1_9_2_STABLE_QUARTER

CHAMILO_1_9_4_ALPHA_1

CHAMILO_1_9_4_RC_1

CHAMILO_1_9_4_STABLE

CHAMILO_1_9_6_RC_1

CHAMILO_1_9_6_RC_2

CHAMILO_1_9_6_STABLE

CHAMILO_1_8_8.*

CHAMILO_1_8_8.3_STABLE_4

v1.*

v1.11.10

v1.11.12

v1.11.14

v1.11.14-beta.1

v1.11.18

v1.11.20

v1.11.20-beta.1

v1.11.22

v1.11.22-beta.1

v1.11.22-beta.2

v1.11.24

v1.11.26

v1.11.26-rc.1

v1.11.28

v1.11.30

v1.11.30-rc.1

v1.11.32

v1.11.6

v1.11.6-alpha.1

v1.8.6.1

v1.9.8

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-29041.json"