Home
MEDIUM: 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HDefault status
unaffected
Any version before 4.5.9
affected
5.0.0 (semver) before 5.0.5
affected
5.1.0 (semver) before 5.1.2
affected
Description
A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade performance or cause service interruption.
Problem types
Uncontrolled Resource Consumption
Product status
Any version before 4.5.9
5.0.0 (semver) before 5.0.5
5.1.0 (semver) before 5.1.2
Timeline
| 2026-02-19: | Reported to Red Hat. |
| 2026-02-19: | Made public. |
Credits
Red Hat would like to thank Aleksey Solovev (Positive Technologies) for reporting this issue.
References
access.redhat.com/security/cve/CVE-2026-26047
bugzilla.redhat.com/show_bug.cgi?id=2440905 (RHBZ#2440905)