CVE-2026-26047
Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits
6.5
MEDIUM
CVSS 3.1
EPSS 0.09%
Description
A Denial of Service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade performance or cause service interruption.
How to fix CVE-2026-26047
To remediate CVE-2026-26047, upgrade the affected package to a fixed version below.
- —upgrade to 4.5.9 or later
- —upgrade to 5.1.2 or later
Is CVE-2026-26047 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4.5.9, >= 5.0.0, < 5.0.5, >= 5.1.0, < 5.1.2
- >= 5.1.0-beta, < 5.1.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |