Moodle Open Redirect Vulnerability in OAuth Login Flow

Vulnerability

An open redirect vulnerability has been identified in Moodle's OAuth login process. This flaw allows remote attackers to redirect users to malicious websites after they have authenticated. The issue stems from inadequate validation of redirect parameters, potentially leading to phishing attacks or unauthorized information disclosure.
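The following is an added example, not Moodle's code or its fix: a generic sketch of the validation a post-login redirect parameter needs so that only same-site targets are followed. The host lms.example.edu, the fallback path and the function name safe_redirect_target are assumptions made for illustration.

```python
from urllib.parse import urlsplit

SITE_ROOT = "https://lms.example.edu"  # assumption: hypothetical site base URL
FALLBACK = "/"                         # assumption: safe default landing page


def safe_redirect_target(candidate, site_root=SITE_ROOT, fallback=FALLBACK):
    """Return a same-site path for the post-login redirect, else the fallback."""
    if not isinstance(candidate, str) or not candidate:
        return fallback
    # Browsers treat "\" as "/" and drop tabs/newlines, so "/\host" would be
    # followed as "//host". Reject backslashes, whitespace and control bytes.
    if "\\" in candidate or any(ord(c) < 0x21 or ord(c) == 0x7F for c in candidate):
        return fallback
    try:
        root, parts = urlsplit(site_root), urlsplit(candidate)
    except ValueError:  # e.g. malformed IPv6 literal in the host
        return fallback
    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative: scheme and host[:port] must match the
        # site exactly. Comparing the whole netloc also rejects "user@host".
        if (parts.scheme.lower(), parts.netloc.lower()) != (
                root.scheme.lower(), root.netloc.lower()):
            return fallback
    elif not candidate.startswith("/"):
        return fallback
    # Re-emit only path, query and fragment, so the result can never name a
    # host. A path starting "//" would itself be protocol-relative.
    path = parts.path or "/"
    if path.startswith("//"):
        return fallback
    query = "?" + parts.query if parts.query else ""
    fragment = "#" + parts.fragment if parts.fragment else ""
    return path + query + fragment


if __name__ == "__main__":
    # Constructed inputs covering accepted and rejected forms.
    for value in ["/course/view.php?id=5", "https://lms.example.edu/my/",
                  "//other.example/login", "https://lms.example.edu//other.example",
                  "https://lms.example.edu@other.example/", "/\\other.example"]:
        print(repr(value), "->", safe_redirect_target(value))
```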

Impact

Exploitation of this vulnerability could result in users being redirected to attacker-controlled sites, where they might be phished or exposed to malware. Such malware could compromise their systems, possibly through keylogging or other means of stealing credentials and personal information.

Added: Feb 3, 2026, 11:22 AM
Updated: Feb 3, 2026, 5:31 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 0.2
exploitability: 6.2
remediation: 0.0
relevance: 2.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.