CVE-2026-26047
MEDIUM 6.5 | EPSS 0.09%
Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits
Published: 2026/2/21 | Modified: 2026/3/2
Description
A Denial of Service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade performance or cause service interruption.
Affected packages (2)
- Bitnami/moodle: from 0, < 4.5.9, >= 5.0.0, < 5.0.5, >= 5.1.0, < 5.1.2
- Packagist/moodle/moodle: >= 5.1.0-beta, < 5.1.2
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2026-26047
- PATCH: https://github.com/moodle/moodle
- WEB: https://access.redhat.com/security/cve/CVE-2026-26047
- WEB: https://bugzilla.redhat.com/show_bug.cgi?id=2440905
- WEB: https://github.com/moodle/moodle/commit/8683b4a04939332e353cad1be51222930dc40b2c
- WEB: https://moodle.org/mod/forum/discuss.php?d=473316