CVE 9.8 CRITICAL

CVE-2026-31282_CVE-2026-31282

April 14, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack.

AI Analysis

Incorrect Access Control vulnerability allowing brute force attack on login form

Basic Information

ID CVE-2026-31282

Source mitre

Published Apr 13, 2026 at 00:00

Modified Apr 14, 2026 at 16:32

Affected Product

Vendor Totara Learning

Product Totara LMS

Version v19.1.5 and before

Affected Versions n/a n/a n/a

CWE Classification

CWE-284

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Totara Learning

Product Totara LMS

Version v19.1.5 and before

References

{
    "lastseen": "",
    "description": "Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack.",
    "published": "2026-04-13T00:00:00.000Z",
    "modified": "2026-04-14T16:32:43.823Z",
    "type": "cve",
    "title": "CVE-2026-31282",
    "source": "mitre",
    "references": "https://www.totara.com/\nhttps://github.com/saykino/CVE-2026-31282",
    "id": "CVE-2026-31282",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Totara LMS",
    "version": "v19.1.5 and before",
    "vendor": "Totara Learning",
    "ai_description": "Incorrect Access Control vulnerability allowing brute force attack on login form",
    "ai_severity": "Critical",
    "ai_vendor": "Totara Learning",
    "ai_product": "Totara LMS",
    "ai_version": "v19.1.5 and before",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply