CVE-2026-33707 - Vulnerability Analysis
CriticalCVSS: 9.4Last Updated: April 13, 2026
Chamilo LMS - Authentication Bypass
Overview
Chamilo LMS < 1.11.38 and < 2.0.0-RC.3 contains an authentication bypass caused by predictable password reset tokens generated using sha1($email) without randomness, expiration, or rate limiting, letting attackers reset passwords knowing only the user's email.
Severity & Score
Impact
Attackers can reset any user's password without authentication, leading to full account takeover.
Mitigation
Upgrade to versions 1.11.38 or 2.0.0-RC.3 or later.
References
Social Media Activity(2 posts)
CVE-2026-33707: Chamilo LMS (CRITICAL) password reset flaw ā reset tokens are sha1(email), no randomness or expiry. Attackers with an email can hijack accounts. Affected: <1.11.38, 2.0.0-alpha.1 ā <2.0.0-RC.3. Patch now! https://radar.offseq.com/threat/cve-2026-33707-cwe-640-weak-password-recovery-mech-2af5871d #OffSeq #infosec #CVE #LMS
View original post
š“ CVE-2026-33707 - Critical (9.4) Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1($email) with no random component, no expiration, and no rate limiting. An attacker who knows a user's em... š https://www.thehackerwire.com/vulnerability/CVE-2026-33707/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-33707
- Severity
- Critical
- CVSS Score
- 9.4
- Type
- broken_authentication
- Status
- unconfirmed
- EPSS
- 6.5%
- Social Posts
- 2
CWE
- CWE-640
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L