Home / Vulnerability Intelligence / CVE-2026-31282

CVE-2026-31282 - Vulnerability Analysis

N/a

Last Updated: April 13, 2026

Totara LMS - Broken Access Control

Published: April 13, 2026Updated: April 13, 2026PoC Available

Overview

Totara LMS <= 19.1.5 contains an incorrect access control vulnerability caused by manipulation of the login page code, letting attackers reveal the login form and perform brute force attacks, exploit requires no special privileges.

Severity & Score

Severity: N/a

Impact

Attackers can bypass access control to reveal the login form and perform brute force attacks, potentially leading to unauthorized access.

Mitigation

Update to the latest version beyond 19.1.5.

References

https://github.com/saykino/CVE-2026-31282
https://www.totara.com/

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-31282
Severity: N/a
Type: broken_access_control
Status: new

CVSS Metrics

N/A