{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32932", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-17T00:05:53.282Z", "datePublished": "2026-04-10T17:51:58.480Z", "dateUpdated": "2026-04-13T15:36:22.092Z"}, "containers": {"cna": {"title": "Chamilo LMS has an Open Redirect via Unvalidated 'page' Parameter in Session Course Edit", "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "lang": "en", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-q2cp-3qj3-wx8q", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-q2cp-3qj3-wx8q"}, {"name": "https://github.com/chamilo/chamilo-lms/commit/b005b3d3e76cf6eafc03e15ac445ceff089551c0", "tags": ["x_refsource_MISC"], "url": "https://github.com/chamilo/chamilo-lms/commit/b005b3d3e76cf6eafc03e15ac445ceff089551c0"}, {"name": "https://github.com/chamilo/chamilo-lms/commit/fbd8d7eb37d05ec974293f05b6ffaaf9102ebd2b", "tags": ["x_refsource_MISC"], "url": "https://github.com/chamilo/chamilo-lms/commit/fbd8d7eb37d05ec974293f05b6ffaaf9102ebd2b"}], "affected": [{"vendor": "chamilo", "product": "chamilo-lms", "versions": [{"version": "< 1.11.38", "status": "affected"}, {"version": ">= 2.0.0-alpha.1, < 2.0.0-RC.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-10T17:51:58.480Z"}, "descriptions": [{"lang": "en", "value": "Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrator to an arbitrary external URL after saving coach assignment changes. The redirect also leaks the id_session parameter to the attacker's server. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3."}], "source": {"advisory": "GHSA-q2cp-3qj3-wx8q", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T12:52:22.657541Z", "id": "CVE-2026-32932", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T15:36:22.092Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32932", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T12:52:22.657541Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T15:33:24.890Z"}}], "cna": {"title": "Chamilo LMS has an Open Redirect via Unvalidated 'page' Parameter in Session Course Edit", "source": {"advisory": "GHSA-q2cp-3qj3-wx8q", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "chamilo", "product": "chamilo-lms", "versions": [{"status": "affected", "version": "< 1.11.38"}, {"status": "affected", "version": ">= 2.0.0-alpha.1, < 2.0.0-RC.3"}]}], "references": [{"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-q2cp-3qj3-wx8q", "name": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-q2cp-3qj3-wx8q", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/chamilo/chamilo-lms/commit/b005b3d3e76cf6eafc03e15ac445ceff089551c0", "name": "https://github.com/chamilo/chamilo-lms/commit/b005b3d3e76cf6eafc03e15ac445ceff089551c0", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/chamilo/chamilo-lms/commit/fbd8d7eb37d05ec974293f05b6ffaaf9102ebd2b", "name": "https://github.com/chamilo/chamilo-lms/commit/fbd8d7eb37d05ec974293f05b6ffaaf9102ebd2b", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrator to an arbitrary external URL after saving coach assignment changes. The redirect also leaks the id_session parameter to the attacker's server. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-10T17:51:58.480Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32932", "state": "PUBLISHED", "dateUpdated": "2026-04-13T15:36:22.092Z", "dateReserved": "2026-03-17T00:05:53.282Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-10T17:51:58.480Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4D0C5D2-6FA0-4532-8E3D-4EA111A50621", "versionEndExcluding": "1.11.38", "vulnerable": true}, {"criteria": "cpe:2.3:a:chamilo:chamilo_lms:2.0.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "4AF7661F-C1F7-4CAB-BBDF-FC5BF7F5BEB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:chamilo:chamilo_lms:2.0.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "FE56AF71-9D53-42C6-980D-09E1C418ED87", "vulnerable": true}, {"criteria": "cpe:2.3:a:chamilo:chamilo_lms:2.0.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "01195674-9E1A-4C07-B7D3-0F0CC2E6511B", "vulnerable": true}, {"criteria": "cpe:2.3:a:chamilo:chamilo_lms:2.0.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "BAE63449-5A56-4302-A4BF-F3D19FC96A80", "vulnerable": true}, {"criteria": "cpe:2.3:a:chamilo:chamilo_lms:2.0.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "A84A06F9-5AB7-4703-8153-33AC68882B95", "vulnerable": true}, {"criteria": "cpe:2.3:a:chamilo:chamilo_lms:2.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B91302A3-53DE-4ED0-BAAB-FE9DA03F8242", "vulnerable": true}, {"criteria": "cpe:2.3:a:chamilo:chamilo_lms:2.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "46008D4A-96F7-4E04-8256-E115AAAE3383", "vulnerable": true}, {"criteria": "cpe:2.3:a:chamilo:chamilo_lms:2.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6E2BCAFF-D44B-4E67-998A-DF855E27606B", "vulnerable": true}, {"criteria": "cpe:2.3:a:chamilo:chamilo_lms:2.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "D2E7D018-E4C2-45F5-8D9A-DAC947173607", "vulnerable": true}, {"criteria": "cpe:2.3:a:chamilo:chamilo_lms:2.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DAF96697-6B6D-459D-9510-E5CEEDC2859B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrator to an arbitrary external URL after saving coach assignment changes. The redirect also leaks the id_session parameter to the attacker's server. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3."}], "id": "CVE-2026-32932", "lastModified": "2026-04-17T21:27:32.730", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-10T18:16:42.590", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/chamilo/chamilo-lms/commit/b005b3d3e76cf6eafc03e15ac445ceff089551c0"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/chamilo/chamilo-lms/commit/fbd8d7eb37d05ec974293f05b6ffaaf9102ebd2b"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-q2cp-3qj3-wx8q"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.11.38)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.0.0-alpha.1,2.0.0-RC.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "chamilo-lms", "source": "cna", "vendor": "chamilo"}, "product": "chamilo_lms", "vendor": "chamilo"}], "analysis": {"en": {"generated_at": "2026-04-10T19:23:16.224134+00:00", "value": {"mitigation_remediation": ["Update Chamilo LMS to version 1.11.38 or later, or 2.0.0\u2011RC.3 or later", "Verify that the 'page' parameter is properly validated or removed", "If an immediate patch is unavailable, restrict administrative account access and monitor for suspicious external redirects", "Revoke and regenerate any session identifiers that may have been exposed to external domains"], "summary": {"action": "Immediate Patch", "impact": "Open Redirection enabling phishing and session ID leakage for authenticated administrators"}, "threat_synthesis": {"affected_systems": "Versions of Chamilo LMS before 1.11.38 and before 2.0.0\u2011RC.3 are affected. The risk applies to any installation of Chamilo LMS where standard user credentialing and course management functionality are in use, especially for users with administrative privileges to edit coach assignments.", "description_and_impact": "Chamilo LMS suffers an open redirect flaw in the session course edit page that accepts an unvalidated 'page' parameter. When an authenticated administrator saves changes to coach assignments, the system redirects the browser to the supplied URL. The redirect also transmits the session identifier to the target domain. This can facilitate phishing attacks and unauthorized tracking of administrative sessions.", "risk_and_exploitability": "The CVSS score of 4.7 indicates moderate severity. Exploitation requires authenticated access as an administrator and the ability to modify coach assignment data, making it less likely to be widely abused by unauthenticated attackers. Without the EPSS score and KEV listing, the likelihood of exploitation remains uncertain, though the presence of a session\u2011id leak adds additional potential for credential compromise. The primary attack vector is user interaction with the redirect after an admin action, making it a social\u2011engineered risk rather than a purely automated exploit."}}}}, "created": "2026-04-13T12:43:34.325959+00:00", "updated": "2026-04-13T12:59:56.153715+00:00", "vendors": ["chamilo", "chamilo$PRODUCT$chamilo_lms"]}