Moodle Authorization Logic Flaw in Badge Awarding Process Allowing Privilege Escalation

Vulnerability

An authorization logic flaw has been identified in Moodle, where incomplete role checks during the badge awarding process allowed unauthorized users to receive badges they were not entitled to. This vulnerability could lead to privilege escalation or unauthorized access to certain features.

Impact

Exploitation of this vulnerability could result in unauthorized users obtaining badges, potentially allowing them to access additional privileges or features they should not have.

Added: Feb 3, 2026, 11:20 AM
Updated: Feb 3, 2026, 5:29 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 2.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.