Vulnerabilities

CVE-2026-33737

by Fred · 10/04/2026

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexml_load_string() without XXE protection. With LIBXML_NOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.

More information : https://github.com/chamilo/chamilo-lms/commit/22b1cb1c609b643765c88654155aba27070c927e

Similar

Tags: Cybersecurity Alert