What is CVE-2026-31281?

CVE-2026-31281 is a vulnerability in N/a. Published 2026-04-13.

Is CVE-2026-31281 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2026-31281

Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can inject malicious HTML code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and e…

EPSS: 0.000 (15.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

saykino/CVE-2026-31281

References

www.totara.com/
github.com/saykino/CVE-2026-31281

Frequently asked questions

What is CVE-2026-31281?: CVE-2026-31281 is a vulnerability in N/a. Published 2026-04-13.
Is CVE-2026-31281 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.