Moodle Authentication Bypass Vulnerability for Suspended Users via LTI Provider

Vulnerability

An authentication bypass vulnerability has been identified in Moodle's Learning Tools Interoperability (LTI) Provider. This flaw allows suspended users to authenticate by exploiting LTI authentication handlers, which do not properly enforce suspension statuses. As a result, these users can gain unauthorized access to the system, potentially leading to information disclosure or other unauthorized actions.

Impact

Exploitation of this vulnerability could allow suspended users to access the system and perform actions they are not authorized to perform, potentially leading to unauthorized information disclosure.

Added: Feb 3, 2026, 11:24 AM
Updated: Feb 3, 2026, 5:33 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 5.0
exploitability: 4.8
remediation: 0.0
relevance: 2.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.