Moodle TeX Formula Editor Can Overload Servers
CVE-2026-26047
GHSA-cg8j-5cr2-568q
Summary
Moodle's TeX formula editor can be overwhelmed by a specially crafted mathematical formula. Rendering TeX content with mimetex does not sufficiently limit execution time, so an authenticated user who enters such a formula can make the server slow or unresponsive. To protect your server, ensure you have the latest Moodle updates installed.
What to do
- Update Moodle to version 5.1.2.
- Update Moodle to version 5.0.5.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| moodle | moodle | > 5.1.0-beta, <= 5.1.2 | 5.1.2 |
| moodle | moodle | > 5.0.0-beta, <= 5.0.5 | 5.0.5 |
| moodle | moodle | <= 4.5.9 | – |
| moodle | moodle | > 5.0.0, <= 5.0.5 | – |
| moodle | moodle | > 5.1.0, <= 5.1.2 | – |
Original title
Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits
Original description
A Denial of Service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade performance or cause service interruption.
NVD CVSS 3.1
6.5
Vulnerability type
- CWE-400: Uncontrolled Resource Consumption
- CWE-770: Allocation of Resources Without Limits
References
- https://nvd.nist.gov/vuln/detail/CVE-2026-26047
- https://github.com/moodle/moodle/commit/8683b4a04939332e353cad1be51222930dc40b2c
- https://moodle.org/mod/forum/discuss.php?d=473316
- https://github.com/advisories/GHSA-cg8j-5cr2-568q
- https://access.redhat.com/security/cve/CVE-2026-26047 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2440905 (Third Party Advisory)
Published: 21 Feb 2026 · Updated: 14 Mar 2026 · First seen: 6 Mar 2026