Moodle Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2026-26045

A flaw was identified in Moodles backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server.