{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26045", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2026-02-10T13:30:03.985Z", "datePublished": "2026-02-21T05:40:05.763Z", "dateUpdated": "2026-02-26T14:44:11.999Z"}, "containers": {"cna": {"title": "Moodle: moodle: improper validation in file restore functionality leading to remote code execution", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was identified in Moodle\u2019s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "4.5.9", "versionType": "semver"}, {"status": "affected", "version": "5.0.0", "lessThan": "5.0.5", "versionType": "semver"}, {"status": "affected", "version": "5.1.0", "lessThan": "5.1.2", "versionType": "semver"}], "packageName": "moodle", "collectionURL": "https://github.com/moodle/moodle", "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-26045", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440901", "name": "RHBZ#2440901", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-02-19T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "timeline": [{"lang": "en", "time": "2026-02-19T08:41:14.981Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-02-19T00:00:00.000Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Dinhnhi (VNPT-VCI) for reporting this issue."}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2026-02-21T05:40:05.763Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26045", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-24T04:56:33.151617Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:44:11.999Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26045", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-24T04:56:33.151617Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T19:31:58.688Z"}}], "cna": {"title": "Moodle: moodle: improper validation in file restore functionality leading to remote code execution", "credits": [{"lang": "en", "value": "Red Hat would like to thank Dinhnhi (VNPT-VCI) for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "4.5.9", "versionType": "semver"}, {"status": "affected", "version": "5.0.0", "lessThan": "5.0.5", "versionType": "semver"}, {"status": "affected", "version": "5.1.0", "lessThan": "5.1.2", "versionType": "semver"}], "packageName": "moodle", "collectionURL": "https://github.com/moodle/moodle", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-19T08:41:14.981Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-02-19T00:00:00.000Z", "value": "Made public."}], "datePublic": "2026-02-19T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-26045", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440901", "name": "RHBZ#2440901", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "A flaw was identified in Moodle\u2019s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2026-02-21T05:40:05.763Z"}, "x_redhatCweChain": "CWE-94: Improper Control of Generation of Code ('Code Injection')"}}, "cveMetadata": {"cveId": "CVE-2026-26045", "state": "PUBLISHED", "dateUpdated": "2026-02-26T14:44:11.999Z", "dateReserved": "2026-02-10T13:30:03.985Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2026-02-21T05:40:05.763Z", "assignerShortName": "fedora"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "80B1995C-45EB-41E5-A497-D565964750A1", "versionEndExcluding": "4.5.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CDB0968-2E2B-4C2F-BF59-9479D1EEC287", "versionEndExcluding": "5.0.5", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "36833D08-9C77-48B1-9240-7F326F5BB1CC", "versionEndExcluding": "5.1.2", "versionStartIncluding": "5.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was identified in Moodle\u2019s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad en la funcionalidad de restauraci\u00f3n de copias de seguridad de Moodle donde los archivos de copia de seguridad especialmente dise\u00f1ados no se validaban correctamente durante el procesamiento. Si se restaura un archivo de copia de seguridad malicioso, podr\u00eda conducir a la ejecuci\u00f3n no intencionada de c\u00f3digo del lado del servidor. Dado que las capacidades de restauraci\u00f3n suelen estar disponibles para usuarios privilegiados, la explotaci\u00f3n requiere acceso autenticado. Una explotaci\u00f3n exitosa podr\u00eda resultar en el compromiso total del servidor Moodle."}], "id": "CVE-2026-26045", "lastModified": "2026-02-26T19:47:42.953", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "patrick@puiterwijk.org", "type": "Secondary"}]}, "published": "2026-02-21T06:16:58.867", "references": [{"source": "patrick@puiterwijk.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2026-26045"}, {"source": "patrick@puiterwijk.org", "tags": ["Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440901"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}]}

{}