Unauthenticated SSRF in Chamilo LMS Plugin Affects Internal Network Security
CVE-2026-34160

8.6HIGH

Key Information:

Vendor

Chamilo

Status
Chamilo-lms
Vendor
CVE Published:
14 April 2026

What is CVE-2026-34160?

The Chamilo LMS is affected by a security issue in its PENS plugin, allowing unauthenticated access to an endpoint that fetches user-controlled URLs. Malicious actors can leverage this vulnerability to probe internal network services, access sensitive cloud metadata endpoints, and manipulate internal services without authentication. This considerable flaw in security architecture heightens the possibilities for unauthorized access and data leaks, making it essential for users to update to version 2.0.0-RC.3 or later to mitigate these risks.

Affected Version(s)

chamilo-lms < 2.0-RC.3

References

https://github.com/chamilo/chamilo-lms/security/advisorie...
x_refsource_CONFIRM
https://github.com/chamilo/chamilo-lms/commit/de4058d76fa...
x_refsource_MISC
https://github.com/chamilo/chamilo-lms/releases/tag/v2.0....
x_refsource_MISC

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.