A vulnerability was found in ILIAS Learning Management System 11.0 and classified as critical . This issue affects the function ilTrQuery::executeQueries of the file components/ILIAS/Tracking/classes/class.ilTrQuery.php of the component Learning Progress Tracking . Such manipulation of the argument troup_table_nav leads to sql injection. This vulnerability is referenced as CVE-2026-12789 . It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacte