Multiple Vulnerabilities in Moodle (June 23, 2026)
Multiple vulnerabilities have been discovered in Moodle. Some of them allow an attacker to cause a remote denial of service, server-side request forgery (SSRF), and indirect remote code injection (XSS).
CSIRTS triage
- What
- Multiple vulnerabilities allow an attacker to cause a remote denial of service, server-side request forgery (SSRF), and indirect remote code injection (XSS).
- Who is affected
- Deployments of Moodle are affected.
- Urgency
- Remediation is urgent due to the potential for remote denial of service and code injection.
- Action
- Users should apply the necessary updates as soon as they are available.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Moodle
Get an email when a new Moodle advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0794/
More from CERT-FR Avis de sécurité
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Ubuntu Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Progress MOVEit Transfer (July 10, 2026)2026-07-10
- unknownVulnerability in NetApp ONTAP 9 (July 10, 2026)2026-07-10
- unknownVulnerability in CPython (July 10, 2026)2026-07-10