CVE-2026-26047
Moodle: moodle: uncontrolled resource consumption in tex formula editor leading to denial of service
6.5
MEDIUM
CVSS 3.1
EPSS 0.09%
Description
A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade performance or cause service interruption.
How to fix CVE-2026-26047
To remediate CVE-2026-26047, upgrade the affected package to a fixed version below.
- Upgrade to 4.5.9 or later
- Upgrade to 5.1.2 or later
Is CVE-2026-26047 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4.5.9; >= 5.0.0, < 5.0.5; >= 5.1.0, < 5.1.2
- >= 5.1.0-beta, < 5.1.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |