Description
A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server.
Published: 2026-02-21
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Now
AI Analysis

Impact

A flaw in Moodle’s backup restore functionality permits an attacker to craft a malicious backup file that bypasses validation checks, potentially leading to unintended execution of server-side code when the file is processed. The vulnerability can fully compromise a Moodle server, exposing its configuration, user data, and any integrated applications to an attacker.

Affected Systems

All Moodle deployments that have the backup restore feature enabled are potentially affected; specific version information is not provided, so all current releases should be considered at risk.

Risk and Exploitability

The CVSS score of 7.2 indicates high severity, while the EPSS score of less than 1% reflects a low estimated likelihood of exploitation activity; the vulnerability remains present regardless. Because the backup restore function is usually available only to privileged users, successful exploitation requires authenticated access, likely via the Moodle web interface. The vulnerability can lead to complete compromise of the server by executing arbitrary code, thereby affecting confidentiality, integrity, and availability.

Generated by OpenCVE AI on April 17, 2026 at 16:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy the latest Moodle security update that addresses the backup restore validation flaw.
  • Restrict backup restore functionality to trusted administrators only and enable two‑factor authentication for privileged accounts.
  • Validate the integrity or signature of backup files before restoring, or use a staging environment to test uploads.

Advisories
Source | ID | Title
GitHub GHSA | GHSA-ggxq-2mg9-8966 | Moodle has a Remote Code Execution risk via file restore
History

Thu, 26 Feb 2026 20:00:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Mon, 23 Feb 2026 20:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 23 Feb 2026 15:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Moodle; Moodle moodle
Vendors & Products | | Moodle; Moodle moodle

Sat, 21 Feb 2026 06:00:00 +0000

Type | Values Removed | Values Added
Description | | A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server.
Title | | Moodle: moodle: improper validation in file restore functionality leading to remote code execution
Weaknesses | | CWE-94
References | |
Metrics | | cvssV3_1 {'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: fedora

Published:

Updated: 2026-02-26T14:44:11.999Z

Reserved: 2026-02-10T13:30:03.985Z

Link: CVE-2026-26045

Vulnrichment

Updated: 2026-02-23T19:31:58.688Z

NVD

Status: Analyzed

Published: 2026-02-21T06:16:58.867

Modified: 2026-02-26T19:47:42.953

Link: CVE-2026-26045

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T17:00:10Z

Weaknesses