CVE-2026-26045 PUBLISHED

Moodle: moodle: improper validation in file restore functionality leading to remote code execution

Assigner: fedora
Reserved: 10.02.2026 Published: 21.02.2026 Updated: 21.02.2026

A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 7.2

Product Status

Package Collection https://github.com/moodle/moodle
Package Name moodle
Versions Default: unaffected
  • affected from 0 to 4.5.9 (excl.)
  • affected from 5.0.0 to 5.0.5 (excl.)
  • affected from 5.1.0 to 5.1.2 (excl.)

Credits

  • Red Hat would like to thank Dinhnhi (VNPT-VCI) for reporting this issue.

References

Problem Types

  • Improper Control of Generation of Code ('Code Injection') CWE