UBUNTU-CVE-2026-26047

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-26047

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-26047.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-26047

Upstream

CVE-2026-26047

Published

2026-02-21T06:17:00Z

Modified

2026-02-27T09:59:13Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade performance or cause service interruption.

References

Affected packages

Ubuntu:16.04:LTS / moodle

Package

Name: moodle
Purl: pkg:deb/ubuntu/moodle@3.0.3+dfsg-0ubuntu1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.9+dfsg-1

2.7.10+dfsg-1

2.7.11+dfsg-1

2.7.11+dfsg-2

2.7.12+dfsg-1

3.*

3.0.3+dfsg-0ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "3.0.3+dfsg-0ubuntu1",
            "binary_name": "moodle"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-26047.json"

Ubuntu:18.04:LTS / moodle