CVE-2026-33737 | Chamilo LMS up to 1.11.37/2.0.0-RC.2 simplexml_load_string xml external entity reference (GHSA-c4ww-qgf2-v89j)

A vulnerability categorized as problematic has been discovered in Chamilo LMS up to 1.11.37/2.0.0-RC.2. Affected is the function simplexml_load_string. Executing a manipulation can lead to xml external entity reference. This vulnerability appears as CVE-2026-33737. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.