PT-2026-23634 · Chamilo · Chamilo Lms

Meng Hokseng · Published 2026-03-06 · Updated 2026-03-11 · CVE-2026-29041

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Chamilo versions prior to 1.11.34

Description

Chamilo LMS is susceptible to an authenticated remote code execution issue stemming from insufficient validation of uploaded files. The application depends on MIME-type verification for file uploads, lacking adequate file extension validation and secure server-side storage restrictions. This allows a user with limited privileges to upload a malicious file containing executable code and execute arbitrary commands on the server.

Recommendations

Update to version 1.11.34 or later.
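The weakness class named in the description, shown as an added example (not Chamilo's code and not the project's fix): a MIME-only check decides on content alone, while a hardened check also requires an allow-listed extension that matches the content and stores the file under a server-generated name. The allow-list, the `UPLOAD_DIR` path and the function names are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Assumed policy for this example: extension => MIME types accepted for it.
const ALLOWED = ['gif' => ['image/gif'], 'png' => ['image/png'], 'pdf' => ['application/pdf']];
// Assumed storage location outside the web server's document root.
const UPLOAD_DIR = '/var/lib/app-uploads';

// Detect the MIME type from the content itself (PHP fileinfo extension).
function sniffMime(string $bytes): string
{
    return (string) (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
}

// MIME-only validation: looks at the content and ignores the file name.
function mimeOnlyCheck(string $bytes): bool
{
    return in_array(sniffMime($bytes), array_merge(...array_values(ALLOWED)), true);
}

// Hardened validation: allow-listed extension, content matching that extension,
// and a server-generated file name under UPLOAD_DIR. Returns null on rejection.
function hardenedCheck(string $clientName, string $bytes): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED) || !in_array(sniffMime($bytes), ALLOWED[$ext], true)) {
        return null;
    }
    // The client-supplied name is discarded; only the vetted extension is kept.
    return UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample: a minimal GIF header followed by inert placeholder text.
$sample = "GIF89a\x01\x00\x01\x00\x00\x00\x00" . 'placeholder, not real script content';

var_dump(mimeOnlyCheck($sample));               // case 1: content check only
var_dump(hardenedCheck('avatar.php', $sample)); // case 2: GIF content, .php name
var_dump(hardenedCheck('avatar.gif', $sample)); // case 3: GIF content, .gif name
```

Storing uploads outside the document root, or in a directory where the web server never invokes the script interpreter, covers the "secure server-side storage restrictions" part of the description independently of the validation logic.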

Exploit

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2026-29041
GHSA-4PC3-4W2V-VWX8

Affected Products

Chamilo Lms