A vulnerability was found in Totara LMS up to 19.1.5 . It has been classified as problematic . This vulnerability affects unknown code of the component Forgot Password API . The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is listed as CVE-2026-31283 . The attack may be initiated remotely. There is no available exploit.