Platform
php
Component
chamilo-lms
Fixed in
1.11.39
2.0.1
CVE-2026-31941 is a Server-Side Request Forgery (SSRF) vulnerability in Chamilo LMS. An authenticated attacker can hand an arbitrary URL to the read_url_with_open_graph endpoint (by its name, the Open Graph link-preview helper of the social wall) and have the Chamilo server issue an HTTP request to it, which can expose resources that are reachable only from the server. Affected versions are 1.11.0 through 2.0.0-RC.3; the fixed releases listed at the top of this page are 1.11.39 for the 1.11 branch and 2.0.1 for the 2.x branch.
Because the request originates from the LMS server, it bypasses the perimeter controls that normally keep internal systems unreachable from outside. By placing a crafted URL in the social_wall_new_msg_main POST parameter, an attacker directs the server at any internal service or external resource of their choosing. Typical targets are cloud instance metadata endpoints (credentials and configuration), internal port scanning to map services the server can reach, and, from there, other vulnerable services on the internal network that are not exposed to the attacker directly. The ability to scan internal ports substantially expands the attack surface.
CVE-2026-31941 was publicly disclosed on 2026-04-10. There is no indication that it is being actively exploited at this time, and it is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. As with other SSRF vulnerabilities, the impact is amplified by the potential for internal network scanning and metadata exposure.
Organizations utilizing Chamilo LMS for online learning and training are at risk, particularly those with internal services accessible from the LMS server. Shared hosting environments where Chamilo LMS instances share resources with other applications are also at increased risk, as a compromised Chamilo instance could be used to attack other tenants on the same server.
• linux / server (the unit name chamilo is a placeholder; use the web server or PHP-FPM unit that serves the instance, or grep its access log instead):
journalctl -u chamilo | grep -i "read_url_with_open_graph"
• generic web (the endpoint requires authentication, so send a valid session cookie; the path below is the one cited on this page, adjust it to your deployment):
curl -s -b "<session cookie>" "http://your-chamilo-instance/social_wall/read_url_with_open_graph?social_wall_new_msg_main=http://169.254.169.254/latest/meta-data/"
If the response contains data fetched from 169.254.169.254, the instance is vulnerable; a patched instance should reject the URL without connecting to it. Run this only against systems you are authorized to test.
Disclosure
Exploit status
EPSS
0.03% (8th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-31941 is to upgrade Chamilo LMS to a fixed release, which this page lists as 1.11.39 or later for the 1.11 branch and 2.0.1 or later for the 2.x branch. If upgrading immediately is not feasible, reduce the blast radius in the meantime: restrict outbound (egress) traffic from the Chamilo server with host or network firewall rules, or force it through a forward proxy, so that it can reach only the external hosts it needs and never link-local (169.254.0.0/16, including cloud metadata endpoints), loopback or RFC 1918 addresses. Note that a Web Application Firewall inspects inbound requests; it can flag suspicious values in the social_wall_new_msg_main parameter, but it does not see the server's outbound connections, so it complements egress filtering rather than replacing it. Treat every user-supplied URL as untrusted input and validate it before the server fetches it. After upgrading, confirm the fix by submitting a known-bad URL (for example the metadata endpoint) to the vulnerable endpoint and verifying that the request is rejected rather than performed.
Update Chamilo LMS to version 1.11.39 or later, or to version 2.0.1 or later. The update fixes the SSRF vulnerability by validating user-supplied URLs before performing HTTP requests.
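The following is an added example, not Chamilo's code and not the upstream patch, of what "validating user-supplied URLs before performing HTTP requests" has to cover for a link-preview fetch of this kind: a scheme allowlist, rejection of userinfo tricks, a check of the address the host actually resolves to against private, loopback and link-local ranges, no redirect following, and pinning the checked IP so a DNS rebinding answer cannot swap in an internal address between the check and the connection. The vulnerable shape is shown beside the hardened one; the function names, the allow/deny policy and the sample URLs are this example's own assumptions.

```php
<?php
declare(strict_types=1);
// Added example (not Chamilo's code, not the upstream patch). Function names
// and the allow/deny policy are this example's own assumptions.

/** Vulnerable shape: the client-supplied URL is fetched exactly as received. */
function fetch_preview_unsafe(string $url): ?string
{
    $body = @file_get_contents($url); // file://, gopher://, 169.254.169.254: all reachable
    return $body === false ? null : $body;
}

/** True when the server must never open a connection to this address. */
function is_forbidden_ip(string $ip): bool
{
    // filter_var fails for private ranges (10/8, 172.16/12, 192.168/16, fc00::/7) and
    // reserved ones (0/8, 127/8, 169.254/16 incl. cloud metadata, 240/4, ::1, ::,
    // ::ffff:0:0/96, fe80::/10). Ranges such as 100.64.0.0/10 need an explicit check.
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false;
}

/** Returns scheme, host, port and the single resolved IP to pin the fetch to,
 *  or null when the URL must not be fetched server-side. */
function validate_outbound_url(string $url): ?array
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null; // no file://, ftp://, gopher://, dict://, ...
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null; // http://trusted.example@169.254.169.254/ style confusion
    }
    $host = strtolower(trim($parts['host'], '[]')); // parse_url keeps [] around IPv6
    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        $ip = $host; // literal address, checked below
    } else {
        // dns_get_record asks the resolver only (not /etc/hosts); a failed lookup is a
        // rejection, and every returned address must pass, so mixed answers are refused.
        $records = @dns_get_record($host, DNS_A + DNS_AAAA);
        if (!is_array($records) || $records === []) {
            return null;
        }
        $ip = null;
        foreach ($records as $r) {
            $candidate = $r['ip'] ?? $r['ipv6'] ?? null;
            if ($candidate === null || is_forbidden_ip($candidate)) {
                return null;
            }
            $ip = $ip ?? $candidate; // pin to the first acceptable answer
        }
    }
    if ($ip === null || is_forbidden_ip($ip)) {
        return null;
    }
    return ['scheme' => $scheme, 'host' => $host, 'port' => $port, 'ip' => $ip];
}

/** Hardened shape: validate, then fetch with redirects off and the IP pinned. */
function fetch_preview_safe(string $url, int $maxBytes = 1048576): ?string
{
    $t = validate_outbound_url($url);
    if ($t === null) {
        return null;
    }
    $addr = strpos($t['ip'], ':') !== false ? "[{$t['ip']}]" : $t['ip'];
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false, // a 302 to an internal address is not followed
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_RESOLVE        => ["{$t['host']}:{$t['port']}:{$addr}"], // rebinding defence
        CURLOPT_CONNECTTIMEOUT => 3,
        CURLOPT_TIMEOUT        => 5,
        CURLOPT_MAXFILESIZE    => $maxBytes,
    ]);
    $body = curl_exec($ch);
    $code = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    return ($body !== false && $code === 200) ? $body : null;
}

// Demo on constructed inputs (literal addresses only, so no network is needed).
foreach ([
    'http://203.0.113.10/page',                 // documentation range: allowed
    'http://169.254.169.254/latest/meta-data/', // cloud metadata: rejected
    'http://[::1]:8080/',                       // IPv6 loopback: rejected
    'file:///etc/passwd',                       // non-HTTP scheme: rejected
    'http://user@10.0.0.5/',                    // userinfo plus RFC 1918: rejected
] as $u) {
    printf("%-45s %s\n", $u, validate_outbound_url($u) === null ? 'rejected' : 'allowed');
}
```

Two design points matter beyond the range list: redirects are disabled because a public host can answer 302 to 169.254.169.254 and an automatic follow would connect there after the check has passed, and the checked address is handed to CURLOPT_RESOLVE so that the connection uses exactly the IP that was validated rather than a second, possibly different, DNS answer. A deployment that needs redirects should follow them manually and run the same validation on each hop.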
CVE-2026-31941 is a Server-Side Request Forgery vulnerability in Chamilo LMS versions 1.11.0 through 2.0.0-RC.3 that lets an authenticated attacker make the server issue arbitrary HTTP requests.
You are affected if you run Chamilo LMS 1.11.0 through 2.0.0-RC.3. Upgrade to 1.11.39 or later (1.11 branch) or 2.0.1 or later (2.x branch), the fixed versions listed on this page, to remove the vulnerability.
Upgrade Chamilo LMS to 1.11.39 or later, or 2.0.1 or later. As a temporary workaround, restrict the server's outbound network access with egress firewall rules or a forward proxy.
No active exploitation campaigns have been publicly reported. SSRF bugs of this kind need only an authenticated account and a crafted URL, so exploitation is technically straightforward even though the current EPSS score is low.
Refer to the official Chamilo LMS security advisories on their website for the latest information and updates.