CVE-2026-26047: Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits
A Denial of Service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade performance or cause service interruption.
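One way to put a wall-clock limit on an external renderer call from PHP, as an added example that is not Moodle's code and not the fix in the referenced commit. `run_with_time_limit()` is a hypothetical helper, a POSIX host with PHP 7.4 or later is assumed, and `sleep` and `echo` are constructed stand-ins for the renderer binary.

```php
<?php
// Added example (not Moodle code): enforce a wall-clock limit on an external
// renderer process. run_with_time_limit() is a hypothetical helper name.
// Assumes PHP >= 7.4 on a POSIX host.

function run_with_time_limit(array $cmd, float $limit_seconds): array {
    $pipes = [];
    // An array command is executed directly, without a shell, so the signal
    // sent below reaches the renderer itself and not a wrapping /bin/sh.
    $proc = proc_open($cmd, [1 => ['pipe', 'w'], 2 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start renderer');
    }
    stream_set_blocking($pipes[1], false);
    stream_set_blocking($pipes[2], false);

    $deadline = microtime(true) + $limit_seconds;
    $stdout = '';
    $exit_code = null;
    $timed_out = false;
    while (true) {
        $stdout .= (string) stream_get_contents($pipes[1]);
        stream_get_contents($pipes[2]); // drain stderr so the child never blocks on it
        $status = proc_get_status($proc);
        if (!$status['running']) {
            $exit_code = $status['exitcode']; // before PHP 8.3, valid only on this first call
            break;
        }
        if (microtime(true) >= $deadline) {
            $timed_out = true;
            proc_terminate($proc, 9); // SIGKILL: the renderer cannot ignore it
            break;
        }
        usleep(10000); // poll every 10 ms
    }
    $stdout .= (string) stream_get_contents($pipes[1]); // output written just before exit
    fclose($pipes[1]);
    fclose($pipes[2]);
    proc_close($proc); // reap the child
    return ['timed_out' => $timed_out, 'exit_code' => $exit_code,
            'stdout' => $timed_out ? '' : $stdout];
}

// Constructed stand-ins for the renderer binary: one slow call, one fast call.
foreach ([['sleep', '5'], ['echo', 'rendered']] as $cmd) {
    $r = run_with_time_limit($cmd, 0.5);
    printf("%s: timed_out=%s exit=%s\n", implode(' ', $cmd),
        var_export($r['timed_out'], true), var_export($r['exit_code'], true));
}
```

A caller should treat `timed_out` as a render failure and return an error placeholder instead of retrying the same formula.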
References
- access.redhat.com/security/cve/CVE-2026-26047
- bugzilla.redhat.com/show_bug.cgi?id=2440905
- github.com/advisories/GHSA-cg8j-5cr2-568q
- github.com/moodle/moodle
- github.com/moodle/moodle/commit/8683b4a04939332e353cad1be51222930dc40b2c
- moodle.org/mod/forum/discuss.php?d=473316
- nvd.nist.gov/vuln/detail/CVE-2026-26047