EUVD-2026-21569

🗓️ 10 Apr 2026 19:05:08Reported by EUVDType

Chamilo LMS older releases allow XXE via simplexml_load_string without LIBXML_NOENT; fixed in 1.11.38.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2026-33737	10 Apr 202619:05	–	attackerkb
CNNVD	Chamilo LMS 代码问题漏洞	10 Apr 202600:00	–	cnnvd
CVE	CVE-2026-33737	10 Apr 202619:05	–	cve
Cvelist	CVE-2026-33737 Chamilo LMS has an XML External Entity (XXE) Injection	10 Apr 202619:05	–	cvelist
NVD	CVE-2026-33737	10 Apr 202619:16	–	nvd
Positive Technologies	PT-2026-32026	10 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-33737	13 Apr 202619:23	–	redhatcve
Vulnrichment	CVE-2026-33737 Chamilo LMS has an XML External Entity (XXE) Injection	10 Apr 202619:05	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "a5d34e86-02c6-3dc2-b788-589168d2ccc6",
        "vendor": {
          "name": "Chamilo"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "9ae40050-a7de-3d9b-8cb7-ddca92d7f487",
        "product": {
          "name": "chamilo-lms"
        },
        "product_version": "2.0.0-alpha.1, < 2.0.0-RC.3"
      },
      {
        "id": "e416805f-0b5b-38dc-bcc1-dd01b6c5dfad",
        "product": {
          "name": "chamilo-lms"
        },
        "product_version": "< 1.11.38"
      }
    ]
  }
]

Source	Link
github	www.github.com/chamilo/chamilo-lms/security/advisories/GHSA-c4ww-qgf2-v89j
github	www.github.com/chamilo/chamilo-lms/commit/22b1cb1c609b643765c88654155aba27070c927e
github	www.github.com/chamilo/chamilo-lms/commit/af6b7002af7c15825e98fc522e2ead0d00cacaa3

10 Apr 2026 19:05Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.15.3

EPSS0.00036