CVE-2026-34160

EPSS 0.05%
Veröffentlicht 14.04.2026 21:09:36
Zuletzt bearbeitet 17.04.2026 15:38:09
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS (Package Exchange Notification Services) plugin endpoint at public/plugin/Pens/pens.php is accessible without authentication and accepts a user-controlled package-url parameter that the server fetches using curl without filtering private or internal IP addresses, enabling unauthenticated Server-Side Request Forgery (SSRF). An attacker can exploit this to probe internal network services, access cloud metadata endpoints (such as 169.254.169.254) to steal IAM credentials and sensitive instance metadata, or trigger state-changing operations on internal services via the receipt and alerts callback parameters. No authentication is required to exploit either SSRF vector, significantly increasing the attack surface. This issue has been fixed in version 2.0.0-RC.3.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellerchamilo

≫

Produkt chamilo-lms

Version < 2.0-RC.3

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.155

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://github.com/chamilo/chamilo-lms/releases/tag/v2.0.0-RC.3

https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-g2xj-4cch-j276

https://github.com/chamilo/chamilo-lms/commit/de4058d76fac2413afd023b1ec942e8e79579011

https://nvd.nist.gov/vuln/detail/CVE-2026-34160

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-34160

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-34160

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-34160