What is CVE-2026-29041?

CVE-2026-29041 is a high-severity vulnerability in Chamilo Chamilo-lms, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 8.8/10. Published 2026-03-06.

How severe is CVE-2026-29041?

High severity. CVSS v3 base score is 8.8 out of 10.

Is CVE-2026-29041 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Arbitrary file upload in Chamilo Chamilo-lms

CVE-2026-29041

Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type…

Vulnerability class: Unrestricted File Upload

EPSS: 0.003 (49.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Chamilo Chamilo-lms — versions < 1.11.34

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

Public proof-of-concept exploits

kx00007/CVE-2026-29041

References

https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-4pc3-4w2v-vwx8 (x_refsource_CONFIRM)
https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.34 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-29041?: CVE-2026-29041 is a high-severity vulnerability in Chamilo Chamilo-lms, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 8.8/10. Published 2026-03-06.
How severe is CVE-2026-29041?: High severity. CVSS v3 base score is 8.8 out of 10.
Is CVE-2026-29041 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.