2440903 – (CVE-2026-26046) CVE-2026-26046 moodle: Moodle: Improper Input Sanitization in TeX Filter Administration Setting

Bug 2440903 (CVE-2026-26046) - CVE-2026-26046 moodle: Moodle: Improper Input Sanitization in TeX Filter Administration Setting

Summary: CVE-2026-26046 moodle: Moodle: Improper Input Sanitization in TeX Filter Admi...

Keywords:
Status:	NEW
Alias:	CVE-2026-26046
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2440904
Blocks:
TreeView+	depends on / blocked

Reported:	2026-02-19 08:53 UTC by OSIDB Bzimport
Modified:	2026-02-19 08:55 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-02-19 08:53:02 UTC

An OS Command Injection vulnerability exists in Moodle’s TeX filter administrative configuration due to insufficient sanitization of input parameters processed by external utilities such as ImageMagick. A site administrator could supply crafted input that results in execution of arbitrary operating system commands. Successful exploitation allows full compromise of the Moodle server, including unauthorized access to data and service disruption. This issue affects sites where the TeX notation filter is enabled and ImageMagick is present.

Note You need to log in before you can comment on or make changes to this bug.