A vulnerability labeled as critical has been found in Chamilo LMS up to 1.11.35 . Impacted is an unknown function of the file h5p.json of the component H5P Import Feature . The manipulation results in code injection. This vulnerability is reported as CVE-2026-30875 . The attack can be launched remotely. No exploit exists. The affected component should be upgraded.