CVE-2024-43426
High
Published: 07 November 2024
Modified: 05 August 2025
KEV Added: —
Patch: —
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0091 (76.3th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2024-43426 is a high-severity Improper Validation of Specified Type of Input (CWE-1287) vulnerability in Moodle. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 23.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-3318
Vulnerability details
A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed.
- CWE(s): CWE-1287
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
moodle
moodle
4.1.0 — 4.1.12 · 4.2.0 — 4.2.9 · 4.3.0 — 4.3.6
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.