Home / Vulnerability Intelligence / CVE-2026-29041

CVE-2026-29041 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 9, 2026

Chamilo LMS - Remote Code Execution

Published: March 6, 2026Updated: March 9, 2026PoC AvailableRemote Exploitable

Overview

Chamilo LMS < 1.11.34 contains an authenticated remote code execution caused by improper validation of uploaded files relying only on MIME-type verification, letting authenticated low-privileged users execute arbitrary commands on the server.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 23.7%(Probability of exploitation in next 30 days)

Impact

Authenticated low-privileged users can execute arbitrary commands on the server, potentially leading to full system compromise.

Mitigation

Update to version 1.11.34 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 6, 2026

🟠 CVE-2026-29041 - High (8.8) Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verifica... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29041/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

GitHub Repositories(1 repo)

https://github.com/celeboy711-hue/CVE-2026-29041

Related Resources

Details

CVE ID: CVE-2026-29041
Severity: High
CVSS Score: 8.8
Type: unrestricted_file_upload
Status: unconfirmed
EPSS: 23.7%
Social Posts: 1

CWE

CWE-434

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

23.7%Probability of exploitation in the next 30 days