EUVD-2026-21529

🗓️ 10 Apr 2026 17:48:51Reported by EUVDType

Chamilo learning management had a direct object reference in the gradebook evaluation edit page; fixed in 1.11.38 and 2.0.0-RC.3.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-32930	10 Apr 202617:48	–	attackerkb
Circl	CVE-2026-32930	10 Apr 202619:31	–	circl
CNNVD	Chamilo LMS 安全漏洞	10 Apr 202600:00	–	cnnvd
CVE	CVE-2026-32930	10 Apr 202617:48	–	cve
Cvelist	CVE-2026-32930 Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Evaluation Edit Without Ownership Check	10 Apr 202617:48	–	cvelist
NVD	CVE-2026-32930	10 Apr 202618:16	–	nvd
Positive Technologies	PT-2026-32009	10 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-32930	5 Jun 202619:20	–	redhatcve
Vulnrichment	CVE-2026-32930 Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Evaluation Edit Without Ownership Check	10 Apr 202617:48	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "27714852-bfa9-3807-b417-72f08275d2f5",
        "vendor": {
          "name": "Chamilo"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "0d533575-e7c4-3942-b63a-9895595b6e4f",
        "product": {
          "name": "chamilo-lms"
        },
        "product_version": "2.0.0-alpha.1, < 2.0.0-RC.3"
      },
      {
        "id": "51378608-825e-3837-975b-1c4e4ea3d7dd",
        "product": {
          "name": "chamilo-lms"
        },
        "product_version": "< 1.11.38"
      }
    ]
  }
]

Source	Link
github	www.github.com/chamilo/chamilo-lms/security/advisories/GHSA-9h22-wrg7-82q6
github	www.github.com/chamilo/chamilo-lms/commit/63e1e6d3d717bd537c7c61719416da35aaa658dd
github	www.github.com/chamilo/chamilo-lms/commit/f03f681df939db0429edc8414fb3ce4e4b80d79d

10 Apr 2026 17:48Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.17.1

EPSS0.00034

SSVC