VYPR
High severityNVD Advisory· Published Feb 21, 2026· Updated Feb 26, 2026

Moodle: moodle: improper validation in file restore functionality leading to remote code execution

CVE-2026-26045

Description

A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
moodle/moodlePackagist
>= 5.1.0-beta, < 5.1.25.1.2
moodle/moodlePackagist
>= 5.0.0-beta, < 5.0.55.0.5
moodle/moodlePackagist
< 4.5.94.5.9

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.