CVE-2026-33703 | Chamilo LMS up to 2.0.0-RC.2 personal-data userId authorization

A vulnerability, which was classified as problematic, has been found in Chamilo LMS up to 2.0.0-RC.2. Affected by this vulnerability is an unknown functionality of the file /social-network/personal-data/. This manipulation of the argument userId causes authorization bypass. This vulnerability is tracked as CVE-2026-33703. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.