CVE-2026-26047 PUBLISHED

Moodle: moodle: uncontrolled resource consumption in tex formula editor leading to denial of service

Assigner: fedora
Reserved: 10.02.2026 Published: 21.02.2026 Updated: 21.02.2026

A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade performance or cause service interruption.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 6.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Package Collection	https://github.com/moodle/moodle
Package Name	moodle
Versions	Default: unaffected affected from 0 to 4.5.9 (excl.) affected from 5.0.0 to 5.0.5 (excl.) affected from 5.1.0 to 5.1.2 (excl.)

Credits

Red Hat would like to thank Aleksey Solovev (Positive Technologies) for reporting this issue.

References

Problem Types

Uncontrolled Resource Consumption CWE