CVSS score: 7.2
Moodle Backup Files Can Execute Malicious Code on Server
CVE-2026-26045
GHSA-ggxq-2mg9-8966
Summary
Moodle's backup and restore feature has a security flaw that could allow an attacker to execute malicious code on the server. This requires a malicious user to have access to restore capabilities, which are typically given to trusted administrators. Users should update Moodle to the latest version to prevent this risk.
What to do
- Update Moodle to version 5.1.2.
- Update Moodle to version 5.0.5.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| moodle | moodle | > 5.1.0-beta , <= 5.1.2 | 5.1.2 |
| moodle | moodle | > 5.0.0-beta , <= 5.0.5 | 5.0.5 |
| moodle | moodle | <= 4.5.9 | – |
| moodle | moodle | > 5.0.0 , <= 5.0.5 | – |
| moodle | moodle | > 5.1.0 , <= 5.1.2 | – |
Original title
Moodle has a Remote Code Execution risk via file restore
Original description
A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server.
NVD CVSS 3.1
7.2
Vulnerability type
CWE-94
Code Injection
- https://nvd.nist.gov/vuln/detail/CVE-2026-26045
- https://github.com/moodle/moodle/commit/566054ba11f609a6d48d09b32e85d435d49927da
- https://moodle.org/mod/forum/discuss.php?d=473314
- https://github.com/advisories/GHSA-ggxq-2mg9-8966
- https://access.redhat.com/security/cve/CVE-2026-26045 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2440901 (Third Party Advisory)
Published: 21 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026