CVE-2026-34160 | Chamilo LMS up to 2.0-RC.2 Exchange Notification Service pens.php package-url missing authentication (GHSA-g2xj-4cch-j276)

A vulnerability labeled as critical has been found in Chamilo LMS up to 2.0-RC.2. The impacted element is an unknown function of the file public/plugin/Pens/pens.php of the component Exchange Notification Service. Such manipulation of the argument package-url leads to missing authentication.

This vulnerability is traded as CVE-2026-34160. The attack may be launched remotely. There is no exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More