PT-2026-32359 · Totara · Totara LMS
Saykino · Published 2026-04-13 · Updated 2026-05-11 · CVE-2026-31282
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Totara LMS versions prior to 19.1.6
Description
Incorrect Access Control allows the login page code to be manipulated to reveal the login form. This can be combined with a missing rate-limit on the login form to facilitate a brute force attack, which is a trial-and-error method used to guess login credentials.
Recommendations
Update to a version newer than 19.1.5.
Exploit
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Totara LMS