CVE-2026-31941
Published: 10 April 2026
Summary
CVE-2026-31941 is a high-severity SSRF (CWE-918) vulnerability in Chamilo Chamilo Lms. Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Service Discovery (T1046); ranked at the 9.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-4 (Information Flow Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 mandates validation of user-supplied URLs in the social_wall_new_msg_main POST parameter to block SSRF exploitation by rejecting internal or malicious targets.
AC-4 enforces information flow controls to restrict application-initiated requests to unauthorized internal resources or ports, mitigating SSRF impacts.
SC-7 implements boundary protections like firewalls or proxies to deny server outbound connections to internal services and cloud metadata endpoints targeted by SSRF.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SSRF allows authenticated attacker to force server-side HTTP requests to arbitrary/internal URLs, directly enabling port scanning for service discovery (T1046) and retrieval of cloud instance metadata (T1522).
NVD Description
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall feature. The endpoint read_url_with_open_graph accepts a URL from the user via the social_wall_new_msg_main POST parameter…
more
and performs two server-side HTTP requests to that URL without validating whether the target is an internal or external resource. This allows an authenticated attacker to force the server to make arbitrary HTTP requests to internal services, scan internal ports, and access cloud instance metadata. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.
Deeper analysisAI
CVE-2026-31941 is a Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, affecting Chamilo LMS, an open-source learning management system. The issue resides in the Social Wall feature, specifically the read_url_with_open_graph endpoint, which accepts a user-supplied URL via the social_wall_new_msg_main POST parameter and issues two server-side HTTP requests to that URL without validating whether it points to an internal or external resource. Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 are vulnerable, earning a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).
An authenticated attacker with low privileges can exploit this vulnerability remotely with low complexity and no user interaction required. By supplying a malicious URL, they can compel the server to originate arbitrary HTTP requests, enabling port scanning of internal networks, access to internal services, and retrieval of sensitive data such as cloud instance metadata endpoints (e.g., on AWS, Azure, or GCP).
The vulnerability is addressed in Chamilo LMS versions 1.11.38 and 2.0.0-RC.3 through fixes documented in GitHub commits e3790c5f0ff3b4dc547c2099fadf5c438c1bb265 and ea6b7b7e90580c9b01dc4bcafe4ad737061e0ead, with further details in the security advisory at GHSA-q74c-mx8x-489h. Security practitioners should upgrade to these patched versions and review access controls on the Social Wall feature to mitigate exposure.
Details
- CWE(s)