Platform
php
Component
chamilo-lms
Fixed in
2.0.1
CVE-2026-40291 is a privilege escalation vulnerability in Chamilo LMS. An authenticated user holding only the ROLE_STUDENT role can elevate their own account to the fully privileged ROLE_ADMIN role. The flaw affects Chamilo LMS versions prior to 2.0.0-RC.3 and is resolved in 2.0.0-RC.3.
An attacker who exploits this flaw gains complete administrative control of the Chamilo LMS instance: they can modify user accounts, manage courses, change system settings, and read sensitive data stored in the LMS. A single successful attack therefore compromises the entire learning environment and its data. The root cause is that the API does not enforce the intended authorization check on role changes, so a low-privileged user can set the roles field of a user record to ROLE_ADMIN.
The vulnerability was publicly disclosed on 2026-04-14. At the time of writing there are no known public exploits or active campaigns targeting it. However, because exploitation needs nothing more than a student account and an API request, it is likely to attract attackers. Manipulating an API field that the server fails to validate is a common web-application attack pattern.
Educational institutions and other organizations running Chamilo LMS for online learning are at risk. Deployments with many student users, deployments that rely heavily on the LMS API for integrations, and deployments running older, unpatched versions are the most exposed.
• php: Examine Chamilo LMS API logs for requests to /api/users/{id} in which the roles field is modified by a user holding ROLE_STUDENT (adjust the log path to your deployment):
grep 'ROLE_STUDENT.*roles' /var/log/chamilo/api.log
• generic web: Monitor web-server access logs for unusual write requests (PUT or PATCH) to the /api/users/{id} endpoint, particularly from clients that authenticate as ROLE_STUDENT users. Extended regular expressions are needed for the + quantifier; pipe the output through a second grep to narrow to a suspect client address:
grep -E '"(PUT|PATCH) /api/users/[0-9]+' /var/log/apache2/access.log
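The grep lines above only match substrings and cannot tell a legitimate administrator's role change from a student's self-promotion. The following Python sweep is an added example for this page, not code from Chamilo LMS or from the advisory's author. It assumes a JSON-lines API audit log whose field names (ts, actor_id, actor_roles, method, path, body) are invented for the example; the sample log is constructed here so the script runs offline. It flags every PUT or PATCH to /api/users/{id} that carries a roles field and comes from an actor without ROLE_ADMIN, and records whether the actor was editing their own account.

```python
import json
import re

# Constructed sample of an API audit log in JSON-lines form. This is NOT a real
# Chamilo LMS log format; the field names are assumptions for this example.
# Lines 2 and 5 are the behaviour the advisory describes: a non-admin user
# writing the roles field of a user record.
SAMPLE_LOG = """\
{"ts": "2026-04-14T10:01:02Z", "actor_id": 42, "actor_roles": ["ROLE_STUDENT"], "method": "GET", "path": "/api/users/42", "body": {}}
{"ts": "2026-04-14T10:01:09Z", "actor_id": 42, "actor_roles": ["ROLE_STUDENT"], "method": "PUT", "path": "/api/users/42", "body": {"roles": ["ROLE_ADMIN"]}}
{"ts": "2026-04-14T10:02:00Z", "actor_id": 1, "actor_roles": ["ROLE_ADMIN"], "method": "PUT", "path": "/api/users/77", "body": {"roles": ["ROLE_TEACHER"]}}
{"ts": "2026-04-14T10:03:30Z", "actor_id": 55, "actor_roles": ["ROLE_STUDENT"], "method": "PATCH", "path": "/api/users/55", "body": {"locale": "de"}}
{"ts": "2026-04-14T10:04:00Z", "actor_id": 56, "actor_roles": ["ROLE_TEACHER"], "method": "PATCH", "path": "/api/users/56", "body": {"roles": ["ROLE_TEACHER", "ROLE_ADMIN"]}}
"""

USER_ENDPOINT = re.compile(r"^/api/users/(\d+)/?$")
WRITE_METHODS = {"PUT", "PATCH"}
PRIVILEGED_ROLES = {"ROLE_ADMIN"}


def find_role_escalations(log_text):
    """Return one finding per write to /api/users/{id} that touches the roles
    field and is made by an actor who does not hold ROLE_ADMIN."""
    findings = []
    for lineno, raw in enumerate(log_text.splitlines(), start=1):
        if not raw.strip():
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the whole sweep
        match = USER_ENDPOINT.match(event.get("path", ""))
        if not match or event.get("method") not in WRITE_METHODS:
            continue
        body = event.get("body") or {}
        if not isinstance(body.get("roles"), list):
            continue  # request does not change roles
        actor_roles = set(event.get("actor_roles", []))
        if "ROLE_ADMIN" in actor_roles:
            continue  # administrators may legitimately change roles
        target_id = int(match.group(1))
        requested = set(body["roles"])
        findings.append({
            "line": lineno,
            "ts": event.get("ts"),
            "actor_id": event.get("actor_id"),
            "actor_roles": sorted(actor_roles),
            "target_id": target_id,
            "self_edit": event.get("actor_id") == target_id,
            "privileged_roles_requested": sorted(requested & PRIVILEGED_ROLES),
        })
    return findings


if __name__ == "__main__":
    for finding in find_role_escalations(SAMPLE_LOG):
        print(finding)
```

Run against the constructed log it reports two events: the student on line 2 promoting their own account to ROLE_ADMIN, and the teacher on line 5 adding ROLE_ADMIN to their own record. The admin's change on line 3 and the locale-only edit on line 4 are not reported. Any non-admin write to the roles field is worth a ticket on an unpatched instance, whether or not ROLE_ADMIN appears in it.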
Exploit status
EPSS
0.04% (13th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-40291 is to upgrade Chamilo LMS to version 2.0.0-RC.3 or later without delay. If upgrading is not immediately feasible, tighten access control and input validation on the /api/users/{id} endpoint so that only administrators can write the roles field; this reduces the attack surface but is not a complete fix. Review user roles and permissions to ensure least privilege is enforced, and monitor API logs for suspicious activity, in particular modifications to user roles.
Update Chamilo LMS to version 2.0.0-RC.3 or later to fix the privilege escalation vulnerability. The update corrects the role validation error in the API and prevents users with restricted roles from changing their own roles to administrator.
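To make the interim mitigation concrete, here is an added example of the server-side check it calls for, written in generic Python rather than taken from Chamilo LMS or from this advisory. The dictionary-based user record, the function names and the use of PermissionError are assumptions; the role names are the ones the advisory uses. The weak variant binds every field of the request body to the user record, which is the class of error the advisory describes. The hardened variant applies an allowlist: non-admins may edit only their own record and only self-service fields, so a roles field in a student's request is rejected rather than silently applied.

```python
# Added illustration, not Chamilo LMS code. Record layout and names are assumed.
ROLE_ADMIN = "ROLE_ADMIN"
ROLE_STUDENT = "ROLE_STUDENT"

# Fields a non-admin may change on their own record. Everything else, including
# "roles", is denied by default unless the requester holds ROLE_ADMIN.
SELF_SERVICE_FIELDS = {"firstname", "lastname", "locale"}


def update_user_unchecked(requester, target, changes):
    """Weak pattern: every field in the request body is written to the record
    with no per-field authorization. A student editing their own profile can
    therefore submit roles=["ROLE_ADMIN"] and become an administrator."""
    target.update(changes)
    return target


def update_user_checked(requester, target, changes):
    """Hardened pattern: an admin may change anything; anyone else may change
    only their own record and only allowlisted fields."""
    if ROLE_ADMIN not in requester["roles"]:
        if requester["id"] != target["id"]:
            raise PermissionError("non-admins may only edit their own account")
        disallowed = set(changes) - SELF_SERVICE_FIELDS
        if disallowed:
            raise PermissionError(
                f"field(s) {sorted(disallowed)} require {ROLE_ADMIN}")
    target.update(changes)
    return target


def demo():
    """Exercise both variants with constructed records; returns a tuple of
    (roles after unchecked self-promotion, whether the checked variant refused
    it, locale after a permitted self-service edit, roles after an admin edit)."""
    student = {"id": 42, "roles": [ROLE_STUDENT], "locale": "en"}
    admin = {"id": 1, "roles": [ROLE_ADMIN]}

    escalated = update_user_unchecked(student, dict(student), {"roles": [ROLE_ADMIN]})

    try:
        update_user_checked(student, dict(student), {"roles": [ROLE_ADMIN]})
        refused = False
    except PermissionError:
        refused = True

    relocated = update_user_checked(student, dict(student), {"locale": "de"})
    promoted = update_user_checked(admin, dict(student),
                                   {"roles": [ROLE_STUDENT, "ROLE_TEACHER"]})
    return escalated["roles"], refused, relocated["locale"], promoted["roles"]


if __name__ == "__main__":
    print(demo())
```

The allowlist is the important design choice: a denylist of "dangerous" fields has to be kept in sync with every new attribute the user record grows, whereas an allowlist fails closed when a new privileged field is added. The same rule should live in the API layer itself rather than in a front-end form, because the attacker here talks to the API directly.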
CVE-2026-40291 is a vulnerability in Chamilo LMS versions prior to 2.0.0-RC.3 that allows authenticated ROLE_STUDENT users to escalate their privileges to ROLE_ADMIN.
You are affected if you run a Chamilo LMS version earlier than 2.0.0-RC.3. Upgrade to 2.0.0-RC.3 or later to mitigate the risk.
Upgrade Chamilo LMS to version 2.0.0-RC.3 or later. As a temporary workaround, restrict access to the /api/users/{id} endpoint for ROLE_STUDENT users.
As of the current disclosure date, there are no confirmed reports of active exploitation, but the vulnerability is publicly known.
Refer to the official Chamilo LMS security advisories on their website for the latest information and updates regarding CVE-2026-40291.