CVE-2026-26047

6.5 MEDIUM

📋 TL;DR

This vulnerability allows authenticated Moodle users to craft malicious TeX formulas that consume excessive server resources when rendered, potentially causing denial-of-service conditions. It affects Moodle installations using the mimetex TeX rendering component with insufficient execution time limits.

💻 Affected Systems

Products:
  • Moodle
Versions: Specific versions not detailed in provided references; consult vendor advisory for exact affected versions.
Operating Systems: All platforms running vulnerable Moodle versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations using mimetex for TeX rendering. Other TeX renderers may not be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service outage of Moodle instance due to resource exhaustion, affecting all users and potentially requiring server restart.

🟠 Likely Case

Degraded performance and intermittent service disruptions affecting user experience and learning activities.

🟢 If Mitigated

Minimal impact with proper resource limits and monitoring in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated user access to submit TeX formulas. Attack complexity is low once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Moodle security advisories for specific patched versions

Vendor Advisory: https://moodle.org/security/

Restart Required: No

Instructions:

1. Check Moodle security advisory for CVE-2026-26047
2. Update to patched Moodle version
3. Verify mimetex configuration has proper execution limits

🔧 Temporary Workarounds

Configure mimetex execution limits

all

Set strict CPU/time limits for mimetex processes to prevent resource exhaustion

Configure in Moodle admin settings or server environment (specific commands depend on OS and configuration)

Disable mimetex rendering

all

Temporarily disable mimetex TeX rendering if not essential

Modify Moodle configuration to use alternative TeX renderer or disable TeX support

🧯 If You Can't Patch

  • Implement strict resource limits for mimetex processes at OS level
  • Monitor server resource usage and set alerts for abnormal mimetex activity

🔍 How to Verify

Check if Vulnerable:

Check the Moodle version and the mimetex configuration. If a vulnerable version is in use with mimetex enabled, the system is vulnerable.

Check Version:

Check Moodle version via admin interface or version.php file

Verify Fix Applied:

Verify Moodle is updated to patched version and mimetex has proper execution limits configured.

📡 Detection & Monitoring

Log Indicators:

  • Unusually long mimetex process execution times
  • High CPU/memory usage by mimetex processes
  • Multiple failed TeX rendering attempts

Network Indicators:

  • Increased server response times for pages with TeX content
  • Service degradation during specific user sessions

SIEM Query:

Search for mimetex processes with abnormal execution duration or resource consumption patterns
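
The check described above, as an added example that is not part of the original advisory or Moodle's own code: it parses `ps` output and flags mimetex processes by elapsed run time or CPU share. The thresholds, the assumption that the process name starts with `mimetex`, and the sample `ps` output are constructed for illustration.

```python
import subprocess

# Assumed thresholds (not from the advisory); tune them to your own baseline.
MAX_ELAPSED_S = 10    # seconds a single formula render is allowed to run
MAX_CPU_PCT = 80.0    # CPU share above which a render is treated as abnormal

# One -o per column with an empty header ("=") so ps prints no header row.
PS_CMD = ["ps", "-e", "-o", "pid=", "-o", "etimes=", "-o", "pcpu=", "-o", "comm="]

def find_suspect_mimetex(ps_output, max_elapsed=MAX_ELAPSED_S, max_cpu=MAX_CPU_PCT):
    """Return mimetex processes exceeding the elapsed-time or CPU threshold."""
    suspects = []
    for line in ps_output.splitlines():
        fields = line.split(None, 3)
        if len(fields) != 4:
            continue  # blank or malformed line
        pid, etimes, pcpu, comm = fields
        # Assumption: the renderer's process name starts with "mimetex".
        if not comm.lower().startswith("mimetex"):
            continue
        try:
            pid, elapsed, cpu = int(pid), int(etimes), float(pcpu)
        except ValueError:
            continue  # non-numeric column, skip rather than crash
        reasons = []
        if elapsed > max_elapsed:
            reasons.append("elapsed")
        if cpu > max_cpu:
            reasons.append("cpu")
        if reasons:
            suspects.append({"pid": pid, "elapsed_s": elapsed,
                             "cpu_pct": cpu, "comm": comm, "reasons": reasons})
    return suspects

def live_snapshot():
    """Run ps on this host and return the current suspect mimetex processes."""
    out = subprocess.run(PS_CMD, capture_output=True, text=True, check=True).stdout
    return find_suspect_mimetex(out)

# Constructed sample of `ps` output: pid, elapsed seconds, %CPU, command name.
SAMPLE_PS = """\
  812     3   1.2 php-fpm
 4410     1  12.0 mimetex.linux
 4422    95  99.3 mimetex.linux
 4431    42   5.0 mimetex.cgi
 4500   600  90.0 mysqld
"""

if __name__ == "__main__":
    for s in find_suspect_mimetex(SAMPLE_PS):
        print(f"ALERT pid={s['pid']} {s['comm']} elapsed={s['elapsed_s']}s "
              f"cpu={s['cpu_pct']}% reasons={','.join(s['reasons'])}")
```

Run `live_snapshot()` from a scheduled job and forward its results to your alerting pipeline to cover the log indicators listed above.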
