CVE-2026-26047

MEDIUM 6.5

Moodle: moodle: uncontrolled resource consumption in tex formula editor leading to denial of service

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade performance or cause service interruption.

CWE	CWE-400
Published	Feb 21, 2026
Last Updated	Feb 23, 2026

Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new medium vulnerabilities are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

NVD ↗ CVE.org ↗ EPSS Data ↗

access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-26047 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2440905

Credits

Red Hat would like to thank Aleksey Solovev (Positive Technologies) for reporting this issue.