Platform: php
Component: pens
Fixed in: 2.0.0-RC.3
CVE-2026-34160 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in the PENS Plugin of Chamilo LMS. This vulnerability allows an unauthenticated attacker to craft malicious requests through the package-url parameter, potentially exposing internal network services and sensitive data. The vulnerability impacts versions 1.0.0 through 2.0-RC.2, and a fix is available in version 2.0.0-RC.3.
The SSRF vulnerability in Chamilo LMS's PENS plugin presents a significant security risk. An attacker can leverage this flaw to scan the internal network for open ports and services, potentially identifying vulnerable applications or misconfigured systems. More critically, the vulnerability allows access to cloud metadata endpoints, such as 169.254.169.254, which often contain sensitive information like IAM credentials and instance metadata. Successful exploitation could lead to unauthorized access to cloud resources, data breaches, and complete compromise of the affected Chamilo LMS instance and potentially connected systems. This vulnerability shares similarities with other SSRF exploits where attackers leverage the server's ability to make outbound requests to gain unauthorized access.
CVE-2026-34160 was publicly disclosed on 2026-04-14. The vulnerability is not currently listed on CISA KEV, and the EPSS score is pending evaluation. No public proof-of-concept exploits have been published at the time of writing, but the SSRF nature of the vulnerability makes it likely that exploits will emerge. Monitor security advisories and threat intelligence feeds for updates.
Organizations utilizing Chamilo LMS, particularly those deploying it in cloud environments (AWS, Azure, GCP), are at significant risk. Shared hosting environments where multiple Chamilo instances reside on the same server are also vulnerable, as a compromise of one instance could potentially lead to the compromise of others. Legacy Chamilo installations that have not been regularly updated are especially susceptible.
• web: Use curl or wget to check whether the pens.php endpoint is accessible without authentication and whether the package-url parameter accepts arbitrary URLs.
curl -I 'http://your-chamilo-instance/public/plugin/Pens/pens.php?package-url=http://169.254.169.254/latest/meta-data/iam/security-credentials/admin'
• generic web: Examine access and error logs for requests to pens.php with unusual or internal IP addresses in the package-url parameter.
• php: Review the pens.php file for the absence of input validation on the package-url parameter.
EPSS: 0.06% (19th percentile)
The primary mitigation for CVE-2026-34160 is to immediately upgrade Chamilo LMS to version 2.0.0-RC.3 or later, which contains the fix for this vulnerability. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict outbound network access from the Chamilo LMS server using a Web Application Firewall (WAF) or proxy to block requests to suspicious IP addresses and domains. Implement strict input validation on the package-url parameter, rejecting requests with invalid or potentially malicious URLs. Monitor server logs for unusual outbound requests originating from the PENS plugin endpoint. After upgrading, verify the fix by attempting to access a known internal service or cloud metadata endpoint through the PENS plugin; the request should be blocked.
Update the PENS plugin to version 2.0.0-RC.3 or later to fix the SSRF vulnerability. This update implements filters that prevent the server from fetching data from private or internal IP addresses, which blocks unauthorized access to internal resources.
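As an added example (not the plugin's own code and not the upstream fix), the following Python implements the two defensive measures described above: a validator for the package-url value that rejects non-HTTP schemes and any host resolving into a loopback, private or link-local range (which covers the 169.254.169.254 metadata endpoint), and a scan that applies the same validator to access-log hits on pens.php. The resolver is injectable so the code runs offline, and the log lines are constructed samples.

```python
import ipaddress
import re
import socket
from urllib.parse import parse_qs, urlsplit
# Ranges an outbound fetcher must never reach: loopback, RFC 1918, link-local (which
# includes the 169.254.169.254 cloud metadata endpoint), CGNAT, IPv6 loopback and ULA.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "100.64.0.0/10", "::1/128", "fc00::/7", "fe80::/10")]
def _resolve(host):  # default resolver: every A/AAAA address the name maps to
    return {info[4][0] for info in socket.getaddrinfo(host, None)}
def check_package_url(url, resolve=_resolve):
    """Return (allowed, reason); `resolve` is injectable so the check runs offline."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme '{parts.scheme}' not allowed"
    host = parts.hostname
    if not host or parts.username or parts.password:
        return False, "missing host or credentials embedded in URL"
    try:  # literal address: IPv4, IPv6, or IPv4-mapped IPv6 such as ::ffff:127.0.0.1
        addrs = {str(ipaddress.ip_address(host))}
    except ValueError:
        try:
            addrs = resolve(host)
        except OSError:
            return False, f"unresolvable host '{host}'"
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        ip = getattr(ip, "ipv4_mapped", None) or ip  # unwrap ::ffff:a.b.c.d
        if any(ip in net for net in BLOCKED_NETS):
            return False, f"{host} resolves to blocked address {addr}"
    return True, "ok"
# Request target of a pens.php hit in a combined-format access log line.
PENS_REQUEST = re.compile(r'"(?:GET|POST) (\S*pens\.php\?[^" ]*)')

def flag_log_lines(lines, resolve=_resolve):
    """Yield (line, reason) for log entries whose package-url the check would reject."""
    for line in lines:
        m = PENS_REQUEST.search(line)
        query = urlsplit(m.group(1)).query if m else ""
        for target in parse_qs(query).get("package-url", []):
            allowed, reason = check_package_url(target, resolve)
            if not allowed:
                yield line, reason
SAMPLE_LOG = [  # constructed sample lines, not from a real server
    '203.0.113.5 - - [14/Apr/2026:10:00:01 +0000] "GET /public/plugin/Pens/pens.php?package-url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 200 512',
    '203.0.113.7 - - [14/Apr/2026:10:00:02 +0000] "GET /public/plugin/Pens/pens.php?package-url=https%3A%2F%2Fpens.example.org%2Fpackage.zip HTTP/1.1" 200 8192',
    '203.0.113.9 - - [14/Apr/2026:10:00:03 +0000] "GET /public/plugin/Pens/pens.php?package-url=http%3A%2F%2Fintranet.local%2F HTTP/1.1" 200 33',
]
```

A real fetcher must connect to the address it validated rather than re-resolving the name, and must re-run the check on every redirect; otherwise DNS rebinding or a 302 to an internal address sidesteps the filter.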
CVE-2026-34160 is a Server-Side Request Forgery (SSRF) vulnerability in the PENS plugin of Chamilo LMS versions 1.0.0 through 2.0-RC.2, allowing unauthenticated attackers to probe internal services.
You are affected if you are running Chamilo LMS with the PENS plugin in versions 1.0.0 through 2.0-RC.2. Upgrade to 2.0.0-RC.3 or later to mitigate the risk.
The recommended fix is to upgrade Chamilo LMS to version 2.0.0-RC.3 or later. As a temporary workaround, restrict access to the pens.php endpoint and validate the package-url parameter.
There are currently no publicly known active exploits for CVE-2026-34160, but its SSRF nature makes it a likely target for exploitation.
Refer to the official Chamilo security advisory for CVE-2026-34160 on the Chamilo website (check their security announcements page).