
    198 vulnerabilities found for Joomla! CMS by Joomla! Project

    CVE-2026-48904 (GCVE-0-2026-48904)

    Vulnerability from nvd – Published: 2026-05-26 16:43 – Updated: 2026-05-27 09:12
    Title
    Joomla! Core - [20260514] - Privilege escalation through com_users webservice endpoints
    Summary
    An improper access check allows privilege escalation through the com_users group-editing webservice endpoint.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 4.0.0-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    Christos Papakonstantinou, Cantina

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48904",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T03:55:46.660Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.0-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Christos Papakonstantinou, Cantina"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper access check allows privelege escalation through the com_users group editing webservice endpoint."
                }
              ],
              "value": "An improper access check allows privelege escalation through the com_users group editing webservice endpoint."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:12:13.794Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1046-20260514-core-privilege-escalation-through-com-users-webservice-endpoints.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260514] - Privilege escalation through com_users webservice endpoints",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-48904",
        "datePublished": "2026-05-26T16:43:08.503Z",
        "dateReserved": "2026-05-26T10:06:17.656Z",
        "dateUpdated": "2026-05-27T09:12:13.794Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48902 (GCVE-0-2026-48902)

    Vulnerability from nvd – Published: 2026-05-26 16:43 – Updated: 2026-06-05 07:28
    Title
    Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links
    Summary
    The password and username reset features created plain-HTTP links for HTTPS connections if the "Force SSL" flag wasn't explicitly set.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 3.9.0-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    @ZeroXJacks, https://github.com/ZeroXJacks

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48902",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-28T13:23:36.738591Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-319",
                    "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T11:58:08.395Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.9.0-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@ZeroXJacks, https://github.com/ZeroXJacks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The password and username reset features created plain http links for https connections if the \"Force SSL\" flag wasn\u0027t explicitly set."
                }
              ],
              "value": "The password and username reset features created plain http links for https connections if the \"Force SSL\" flag wasn\u0027t explicitly set."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T07:28:36.374Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1050-20260518-core-transport-encryption-downgrade-for-password-and-username-reset-links.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-48902",
        "datePublished": "2026-05-26T16:43:32.835Z",
        "dateReserved": "2026-05-26T10:06:17.656Z",
        "dateUpdated": "2026-06-05T07:28:36.374Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48901 (GCVE-0-2026-48901)

    Vulnerability from nvd – Published: 2026-05-26 16:42 – Updated: 2026-06-05 07:27
    Title
    Joomla! Core - [20260517] - Incorrect Cache Key Construction for InputFilter objects
    Summary
    The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-524 - Use of Cache Containing Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 4.0.0-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    @ZeroXJacks, https://github.com/ZeroXJacks

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48901",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-28T13:18:22.218493Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-524",
                    "description": "CWE-524 Use of Cache Containing Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T13:20:50.537Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.0-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@ZeroXJacks, https://github.com/ZeroXJacks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key."
                }
              ],
              "value": "The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T07:27:45.423Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1049-20260517-core-incorrect-cache-key-construction-for-inputfilter-objects.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260517] - Incorrect Cache Key Construction for InputFilter objects",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-48901",
        "datePublished": "2026-05-26T16:42:41.476Z",
        "dateReserved": "2026-05-26T10:06:17.656Z",
        "dateUpdated": "2026-06-05T07:27:45.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48900 (GCVE-0-2026-48900)

    Vulnerability from nvd – Published: 2026-05-26 16:43 – Updated: 2026-05-27 09:12
    Title
    Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler
    Summary
    An improper access check allowed low privileged users to edit the task types of existing scheduler tasks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 4.1.0-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    Federico Brasili, https://www.linkedin.com/in/federico-brasili-00b4b7332/

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48900",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T17:39:11.873493Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T17:39:19.945Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.0-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Federico Brasili, https://www.linkedin.com/in/federico-brasili-00b4b7332/"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper access check allowed low privileged users to edit the task types of existing scheduler tasks."
                }
              ],
              "value": "An improper access check allowed low privileged users to edit the task types of existing scheduler tasks."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:12:59.814Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1048-20260516-core-incorrect-access-control-in-com-scheduler.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-48900",
        "datePublished": "2026-05-26T16:43:51.153Z",
        "dateReserved": "2026-05-26T10:06:17.656Z",
        "dateUpdated": "2026-05-27T09:12:59.814Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48899 (GCVE-0-2026-48899)

    Vulnerability from nvd – Published: 2026-05-26 16:44 – Updated: 2026-05-27 09:13
    Title
    Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
    Summary
    An improper access check allows privilege escalation through the com_users batch task.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 4.0.0-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    廖双

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48899",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T03:55:50.038Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.0-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "\u5ed6\u53cc"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper access check allows privilege escalation through the com_users batch task."
                }
              ],
              "value": "An improper access check allows privilege escalation through the com_users batch task."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:13:16.497Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1047-20260515-core-incorrect-access-control-in-sample-data-plugins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-48899",
        "datePublished": "2026-05-26T16:44:06.616Z",
        "dateReserved": "2026-05-26T10:06:17.656Z",
        "dateUpdated": "2026-05-27T09:13:16.497Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48898 (GCVE-0-2026-48898)

    Vulnerability from nvd – Published: 2026-05-26 16:42 – Updated: 2026-05-27 09:12
    Title
    Joomla! Core - [20260513] - Privilege escalation through com_users batch task
    Summary
    An improper access check allows privilege escalation through the com_users batch task.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 4.0.0-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    Christos Papakonstantinou, Cantina; Adrian Junge, vulno

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48898",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T03:55:45.546Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.0-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Christos Papakonstantinou, Cantina"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrian Junge, vulno"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper access check allows privilege escalation through the com_users batch task."
                }
              ],
              "value": "An improper access check allows privilege escalation through the com_users batch task."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:12:03.902Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1045-20260513-core-privilege-escalation-through-com-users-batch-task.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260513] - Privilege escalation through com_users batch task",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-48898",
        "datePublished": "2026-05-26T16:42:59.328Z",
        "dateReserved": "2026-05-26T10:06:17.656Z",
        "dateUpdated": "2026-05-27T09:12:03.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48897 (GCVE-0-2026-48897)

    Vulnerability from nvd – Published: 2026-05-26 16:44 – Updated: 2026-05-27 09:14
    Title
    Joomla! Core - [20260512] - MFA Authentication Bypass
    Summary
    Insufficient state checks lead to a vector that allows 2FA checks to be bypassed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 4.0.0-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    Morris Baumgarten-Egemole

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48897",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T19:19:17.612461Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T19:19:26.183Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.0-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Morris Baumgarten-Egemole"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient state checks lead to a vector that allows to bypass 2FA checks."
                }
              ],
              "value": "Insufficient state checks lead to a vector that allows to bypass 2FA checks."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115: Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:14:05.696Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1044-20260512-core-mfa-authentication-bypass.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260512] - MFA Authentication Bypass",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-48897",
        "datePublished": "2026-05-26T16:44:53.779Z",
        "dateReserved": "2026-05-26T10:06:17.656Z",
        "dateUpdated": "2026-05-27T09:14:05.696Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48896 (GCVE-0-2026-48896)

    Vulnerability from nvd – Published: 2026-05-26 16:45 – Updated: 2026-05-27 09:15
    Title
    Joomla! Core - [20260511] - MFA Authentication Bypass
    Summary
    Insufficient state checks lead to a vector that allows 2FA checks to be bypassed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 4.0.0-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    Doyensec in collaboration with Claude and Anthropic Research; Christos Papakonstantinou, Cantina

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48896",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T18:56:43.158826Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T18:57:20.522Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.0-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Doyensec in collaboration with Claude and Anthropic Research"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Christos Papakonstantinou, Cantina"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient state checks lead to a vector that allows to bypass 2FA checks."
                }
              ],
              "value": "Insufficient state checks lead to a vector that allows to bypass 2FA checks."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115: Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:15:12.329Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1043-20260511-core-mfa-authentication-bypass.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260511] - MFA Authentication Bypass",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-48896",
        "datePublished": "2026-05-26T16:45:55.573Z",
        "dateReserved": "2026-05-26T10:06:17.656Z",
        "dateUpdated": "2026-05-27T09:15:12.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40384 (GCVE-0-2026-40384)

    Vulnerability from nvd – Published: 2026-05-26 16:45 – Updated: 2026-05-27 09:14
    Title
    Joomla! Core - [20260510] - Path traversal in com_media webservice endpoint
    Summary
    An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 4.0.0-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    Doyensec in collaboration with Claude and Anthropic Research

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40384",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T19:17:10.492296Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T19:17:18.855Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.0-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Doyensec in collaboration with Claude and Anthropic Research"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability."
                }
              ],
              "value": "An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:14:15.239Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1042-20260510-core-path-traversal-in-com-media-webservice-endpoint.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260510] - Path traversal in com_media webservice endpoint",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-40384",
        "datePublished": "2026-05-26T16:45:02.051Z",
        "dateReserved": "2026-04-12T05:13:31.714Z",
        "dateUpdated": "2026-05-27T09:14:15.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40383 (GCVE-0-2026-40383)

    Vulnerability from nvd – Published: 2026-05-26 16:45 – Updated: 2026-05-27 09:14
    Title
    Joomla! Core - [20260509] - LFI in HTMLView layout parameter
    Summary
    An improper validation of user-supplied input leads to a local file inclusion vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 3.2.1-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    Doyensec in collaboration with Claude and Anthropic Research

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40383",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T18:58:29.241684Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T18:59:09.609Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.2.1-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Doyensec in collaboration with Claude and Anthropic Research"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper validation of user-supplied input leads to a local file inclusion vulnerability."
                }
              ],
              "value": "An improper validation of user-supplied input leads to a local file inclusion vulnerability."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-252",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-252 PHP Local File Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:14:28.517Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1041-20260509-core-lfi-in-htmlview-layout-parameter.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260509] - LFI in HTMLView layout parameter",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-40383",
        "datePublished": "2026-05-26T16:45:14.402Z",
        "dateReserved": "2026-04-12T05:13:31.714Z",
        "dateUpdated": "2026-05-27T09:14:28.517Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35223 (GCVE-0-2026-35223)

    Vulnerability from nvd – Published: 2026-05-26 16:43 – Updated: 2026-05-27 09:12
    Title
    Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints
    Summary
    An improper access check allows unauthorized access to com_config webservice endpoints.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 4.0.0-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    Rishi Shakya; Qi Deng

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35223",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T03:55:48.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.0-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rishi Shakya"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Qi Deng"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper access check allows unauthorized access to com_config webservice endpoints."
                }
              ],
              "value": "An improper access check allows unauthorized access to com_config webservice endpoints."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:12:29.087Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1040-20260508-core-improper-access-check-in-com-config-webservice-endpoints.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-35223",
        "datePublished": "2026-05-26T16:43:21.784Z",
        "dateReserved": "2026-04-01T19:23:13.196Z",
        "dateUpdated": "2026-05-27T09:12:29.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35222 (GCVE-0-2026-35222)

    Vulnerability from nvd – Published: 2026-05-26 16:45 – Updated: 2026-06-05 07:30
    Title
    Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags
    Summary
    Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 6.0.0-6.1.0
    Affected: 4.0.0-5.4.5
    Credits
    Adrian Junge aka vurlo; Federico Brasili, https://www.linkedin.com/in/federico-brasili-00b4b7332/

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35222",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T19:14:06.766795Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T14:37:50.763Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                },
                {
                  "status": "affected",
                  "version": "4.0.0-5.4.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrian Junge aka vurlo"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Federico Brasili, https://www.linkedin.com/in/federico-brasili-00b4b7332/"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improperly validated order clauses lead to a SQL injection vulnerability in com_tags."
                }
              ],
              "value": "Improperly validated order clauses lead to a SQL injection vulnerability in com_tags."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T07:30:10.304Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1039-20260507-core-authenticated-blind-sqli-in-com-tags.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-35222",
        "datePublished": "2026-05-26T16:45:13.390Z",
        "dateReserved": "2026-04-01T19:23:13.196Z",
        "dateUpdated": "2026-06-05T07:30:10.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35221 (GCVE-0-2026-35221)

    Vulnerability from nvd – Published: 2026-05-26 16:46 – Updated: 2026-05-27 09:15
    Title
    Joomla! Core - [20260506] - Authenticated blind SQLi in com_finder
    Summary
    Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 6.0.0-6.1.0
    Affected: 5.4.0-5.4.5
    Credits
    Adrian Junge aka vurlo

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35221",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T17:48:47.050683Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T18:09:03.190Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.4.0-5.4.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrian Junge aka vurlo"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder."
                }
              ],
              "value": "Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:15:29.303Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1038-20260506-core-authenticated-blind-sqli-in-com-finder.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260506] - Authenticated blind SQLi in com_finder",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-35221",
        "datePublished": "2026-05-26T16:46:10.415Z",
        "dateReserved": "2026-04-01T19:23:13.196Z",
        "dateUpdated": "2026-05-27T09:15:29.303Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35220 (GCVE-0-2026-35220)

    Vulnerability from nvd – Published: 2026-05-26 16:45 – Updated: 2026-05-27 09:14
    Title
    Joomla! Core - [20260505] - CSRF in user activation endpoint
    Summary
    Lack of CSRF token validation leads to a CSRF attack vector in the admin activation endpoint of com_users.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 6.0.0-6.1.0
    Credits
    Sun HuangnSec

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35220",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T17:49:20.616038Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T18:09:30.708Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sun HuangnSec"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Lack of CSRF token validation leads to a CSRF attack vector in the admin activation endpoint of com_users."
                }
              ],
              "value": "Lack of CSRF token validation leads to a CSRF attack vector in the admin activation endpoint of com_users."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-62",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-62 Cross Site Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:14:34.686Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1037-20260505-core-csrf-in-user-activation-endpoint"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260505] - CSRF in user activation endpoint",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-35220",
        "datePublished": "2026-05-26T16:45:19.690Z",
        "dateReserved": "2026-04-01T19:23:13.196Z",
        "dateUpdated": "2026-05-27T09:14:34.686Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-30895 (GCVE-0-2026-30895)

    Vulnerability from nvd – Published: 2026-05-26 16:43 – Updated: 2026-05-27 09:12
    Title
    Joomla! Core - [20260504] - XSS in readmore links
    Summary
    Lack of output escaping leads to an XSS vector in the readmore links for com_content.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 4.0.0-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    peterhulst

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-30895",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T17:25:34.231206Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T17:26:53.198Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.0-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "peterhulst"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Lack of output escaping leads to an XSS vector in the readmore links for com_content."
                }
              ],
              "value": "Lack of output escaping leads to an XSS vector in the readmore links for com_content."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-18",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-18 XSS Targeting Non-Script Elements"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:12:08.924Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1036-20260504-core-xss-in-readmore-links"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260504] - XSS in readmore links",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-30895",
        "datePublished": "2026-05-26T16:43:03.205Z",
        "dateReserved": "2026-03-06T04:55:46.057Z",
        "dateUpdated": "2026-05-27T09:12:08.924Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-30894 (GCVE-0-2026-30894)

    Vulnerability from nvd – Published: 2026-05-26 16:42 – Updated: 2026-06-05 07:28
    Title
    Joomla! Core - [20260503] - XSS in com_contenthistory
    Summary
    Lack of output escaping leads to an XSS vector in the content history component.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 3.0.0-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    Phan Phan Hai Long

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-30894",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T19:48:28.120888Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T14:36:39.282Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Phan Phan Hai Long"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Lack of output escaping leads to an XSS vector in the content history component."
                }
              ],
              "value": "Lack of output escaping leads to an XSS vector in the content history component."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-18",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-18 XSS Targeting Non-Script Elements"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T07:28:01.850Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1035-20260503-core-xss-in-com-contenthistory"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260503] - XSS in com_contenthistory",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-30894",
        "datePublished": "2026-05-26T16:42:58.268Z",
        "dateReserved": "2026-03-06T04:55:46.056Z",
        "dateUpdated": "2026-06-05T07:28:01.850Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25901 (GCVE-0-2026-25901)

    Vulnerability from nvd – Published: 2026-05-26 16:44 – Updated: 2026-05-27 09:28
    Title
    Joomla! Core - [20260502] - XSS in com_associations
    Summary
    Lack of output escaping leads to an XSS vector in the multilingual associations component (com_associations). The CNA's CVSS 4.0 vector (PR:H, UI:P; base score 6.9, Medium) indicates that exploitation requires a highly privileged account plus passive interaction by the victim.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 4.0.0-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    vnth4nhnt from CyStack; Aisle Research, Pavel Kohout

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25901",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T17:49:52.442848Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T18:10:00.364Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.0-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "vnth4nhnt from CyStack"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Aisle Research, Pavel Kohout"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Lack of output escaping leads to a XSS vector in the multilingual associations component."
                }
              ],
              "value": "Lack of output escaping leads to a XSS vector in the multilingual associations component."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-18",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-18 XSS Targeting Non-Script Elements"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:28:14.477Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1034-20260502-core-xss-in-com-associations.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260502] - XSS in com_associations",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-25901",
        "datePublished": "2026-05-26T16:44:25.314Z",
        "dateReserved": "2026-02-07T04:53:10.344Z",
        "dateUpdated": "2026-05-27T09:28:14.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25900 (GCVE-0-2026-25900)

    Vulnerability from nvd – Published: 2026-05-26 16:43 – Updated: 2026-05-27 09:12
    Title
    Joomla! Core - [20260501] - XSS in feed modules
    Summary
    Lack of output escaping leads to an XSS vector in the feed modules. The CNA's CVSS 4.0 vector (PR:H, UI:P; base score 6.9, Medium) indicates that exploitation requires a highly privileged account plus passive interaction by the victim.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 3.0.0-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    Mohamed Elabbas, Sun Huang

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25900",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T17:27:08.169302Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T17:27:18.168Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mohamed Elabbas"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sun Huang"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Lack of output escaping leads to a XSS vector in the feed modules."
                }
              ],
              "value": "Lack of output escaping leads to a XSS vector in the feed modules."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-18",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-18 XSS Targeting Non-Script Elements"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:12:20.038Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1033-20260501-core-xss-in-feed-modules.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260501] - XSS in feed modules",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-25900",
        "datePublished": "2026-05-26T16:43:13.780Z",
        "dateReserved": "2026-02-07T04:53:10.343Z",
        "dateUpdated": "2026-05-27T09:12:20.038Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35221 (GCVE-0-2026-35221)

    Vulnerability from cvelistv5 – Published: 2026-05-26 16:46 – Updated: 2026-05-27 09:15
    Title
    Joomla! Core - [20260506] - Authenticated blind SQLi in com_finder
    Summary
    Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder. As the title and the CNA's CVSS 4.0 vector (PR:H, UI:N) indicate, the injection is reachable only by an authenticated, highly privileged account; the vector rates confidentiality impact high and integrity/availability impact none, consistent with a blind data-extraction primitive.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 6.0.0-6.1.0
    Affected: 5.4.0-5.4.5
    Credits
    Adrian Junge aka vurlo

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35221",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T17:48:47.050683Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T18:09:03.190Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.4.0-5.4.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrian Junge aka vurlo"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder."
                }
              ],
              "value": "Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:15:29.303Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1038-20260506-core-authenticated-blind-sqli-in-com-finder.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260506] - Authenticated blind SQLi in com_finder",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-35221",
        "datePublished": "2026-05-26T16:46:10.415Z",
        "dateReserved": "2026-04-01T19:23:13.196Z",
        "dateUpdated": "2026-05-27T09:15:29.303Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48896 (GCVE-0-2026-48896)

    Vulnerability from cvelistv5 – Published: 2026-05-26 16:45 – Updated: 2026-05-27 09:15
    Title
    Joomla! Core - [20260511] - MFA Authentication Bypass
    Summary
    Insufficient state checks allow the multi-factor (2FA) verification step to be bypassed. The CNA's CVSS 4.0 vector (PR:N, AT:P, UI:N; base score 8.2, High) rates integrity impact as high with no privileges required but with attack requirements present; the record does not state what that precondition is.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 4.0.0-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    Doyensec in collaboration with Claude and Anthropic Research; Christos Papakonstantinou, Cantina

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48896",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T18:56:43.158826Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T18:57:20.522Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.0-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Doyensec in collaboration with Claude and Anthropic Research"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Christos Papakonstantinou, Cantina"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient state checks lead to a vector that allows to bypass 2FA checks."
                }
              ],
              "value": "Insufficient state checks lead to a vector that allows to bypass 2FA checks."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115: Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:15:12.329Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1043-20260511-core-mfa-authentication-bypass.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260511] - MFA Authentication Bypass",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-48896",
        "datePublished": "2026-05-26T16:45:55.573Z",
        "dateReserved": "2026-05-26T10:06:17.656Z",
        "dateUpdated": "2026-05-27T09:15:12.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35220 (GCVE-0-2026-35220)

    Vulnerability from cvelistv5 – Published: 2026-05-26 16:45 – Updated: 2026-05-27 09:14
    Title
    Joomla! Core - [20260505] - CSRF in user activation endpoint
    Summary
    Lack of CSRF token validation leads to a CSRF attack vector in the admin activation endpoint of com_users. Only 6.0.0–6.1.0 are listed as affected. The CNA's CVSS 4.0 vector (PR:H, UI:A, VI:L; base score 4.6, Medium) reflects that a victim must be induced to actively perform the action and that the impact is limited to low integrity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 6.0.0-6.1.0
    Credits
    Sun HuangnSec

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35220",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T17:49:20.616038Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T18:09:30.708Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sun HuangnSec"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users."
                }
              ],
              "value": "Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-62",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-62 Cross Site Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:14:34.686Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1037-20260505-core-csrf-in-user-activation-endpoint"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260505] - CSRF in user activation endpoint",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-35220",
        "datePublished": "2026-05-26T16:45:19.690Z",
        "dateReserved": "2026-04-01T19:23:13.196Z",
        "dateUpdated": "2026-05-27T09:14:34.686Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40383 (GCVE-0-2026-40383)

    Vulnerability from cvelistv5 – Published: 2026-05-26 16:45 – Updated: 2026-05-27 09:14
    Title
    Joomla! Core - [20260509] - LFI in HTMLView layout parameter
    Summary
    An improper validation of user-supplied input leads to a local file inclusion vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 3.2.1-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    Doyensec in collaboration with Claude and Anthropic Research

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40383",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T18:58:29.241684Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T18:59:09.609Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.2.1-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Doyensec in collaboration with Claude and Anthropic Research"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper validation of user-supplied input leads to a local file inclusion vulnerability."
                }
              ],
              "value": "An improper validation of user-supplied input leads to a local file inclusion vulnerability."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-252",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-252 PHP Local File Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:14:28.517Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1041-20260509-core-lfi-in-htmlview-layout-parameter.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260509] - LFI in HTMLView layout parameter",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-40383",
        "datePublished": "2026-05-26T16:45:14.402Z",
        "dateReserved": "2026-04-12T05:13:31.714Z",
        "dateUpdated": "2026-05-27T09:14:28.517Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35222 (GCVE-0-2026-35222)

    Vulnerability from cvelistv5 – Published: 2026-05-26 16:45 – Updated: 2026-06-05 07:30
    Title
    Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags
    Summary
    Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 6.0.0-6.1.0
    Affected: 4.0.0-5.4.5
    Credits
    Adrian Junge aka vurlo; Federico Brasili, https://www.linkedin.com/in/federico-brasili-00b4b7332/

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35222",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T19:14:06.766795Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T14:37:50.763Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                },
                {
                  "status": "affected",
                  "version": "4.0.0-5.4.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrian Junge aka vurlo"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Federico Brasili, https://www.linkedin.com/in/federico-brasili-00b4b7332/"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improperly validated order clauses lead to a SQL injection vulnerability in com_tags."
                }
              ],
              "value": "Improperly validated order clauses lead to a SQL injection vulnerability in com_tags."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T07:30:10.304Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1039-20260507-core-authenticated-blind-sqli-in-com-tags.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-35222",
        "datePublished": "2026-05-26T16:45:13.390Z",
        "dateReserved": "2026-04-01T19:23:13.196Z",
        "dateUpdated": "2026-06-05T07:30:10.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40384 (GCVE-0-2026-40384)

    Vulnerability from cvelistv5 – Published: 2026-05-26 16:45 – Updated: 2026-05-27 09:14
    Title
    Joomla! Core - [20260510] - Path traversal in com_media webservice endpoint
    Summary
    An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 4.0.0-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    Doyensec in collaboration with Claude and Anthropic Research

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40384",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T19:17:10.492296Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T19:17:18.855Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.0-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Doyensec in collaboration with Claude and Anthropic Research"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability."
                }
              ],
              "value": "An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:14:15.239Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1042-20260510-core-path-traversal-in-com-media-webservice-endpoint.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260510] - Path traversal in com_media webservice endpoint",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-40384",
        "datePublished": "2026-05-26T16:45:02.051Z",
        "dateReserved": "2026-04-12T05:13:31.714Z",
        "dateUpdated": "2026-05-27T09:14:15.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48897 (GCVE-0-2026-48897)

    Vulnerability from cvelistv5 – Published: 2026-05-26 16:44 – Updated: 2026-05-27 09:14
    Title
    Joomla! Core - [20260512] - MFA Authentication Bypass
    Summary
    Insufficient state checks lead to a vector that allows bypassing 2FA checks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 4.0.0-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    Morris Baumgarten-Egemole

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48897",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T19:19:17.612461Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T19:19:26.183Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.0-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Morris Baumgarten-Egemole"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient state checks lead to a vector that allows bypassing 2FA checks."
                }
              ],
              "value": "Insufficient state checks lead to a vector that allows bypassing 2FA checks."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115: Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:14:05.696Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1044-20260512-core-mfa-authentication-bypass.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260512] - MFA Authentication Bypass",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-48897",
        "datePublished": "2026-05-26T16:44:53.779Z",
        "dateReserved": "2026-05-26T10:06:17.656Z",
        "dateUpdated": "2026-05-27T09:14:05.696Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25901 (GCVE-0-2026-25901)

    Vulnerability from cvelistv5 – Published: 2026-05-26 16:44 – Updated: 2026-05-27 09:28
    Title
    Joomla! Core - [20260502] - XSS in com_associations
    Summary
    Lack of output escaping leads to an XSS vector in the multilingual associations component.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 4.0.0-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    vnth4nhnt from CyStack; Aisle Research, Pavel Kohout

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25901",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T17:49:52.442848Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T18:10:00.364Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.0-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "vnth4nhnt from CyStack"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Aisle Research, Pavel Kohout"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Lack of output escaping leads to an XSS vector in the multilingual associations component."
                }
              ],
              "value": "Lack of output escaping leads to an XSS vector in the multilingual associations component."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-18",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-18 XSS Targeting Non-Script Elements"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:28:14.477Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1034-20260502-core-xss-in-com-associations.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260502] - XSS in com_associations",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-25901",
        "datePublished": "2026-05-26T16:44:25.314Z",
        "dateReserved": "2026-02-07T04:53:10.344Z",
        "dateUpdated": "2026-05-27T09:28:14.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48899 (GCVE-0-2026-48899)

    Vulnerability from cvelistv5 – Published: 2026-05-26 16:44 – Updated: 2026-05-27 09:13
    Title
    Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
    Summary
    An improper access check allows privilege escalation through the com_users batch task.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 4.0.0-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    廖双

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48899",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T03:55:50.038Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.0-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "\u5ed6\u53cc"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper access check allows privilege escalation through the com_users batch task."
                }
              ],
              "value": "An improper access check allows privilege escalation through the com_users batch task."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:13:16.497Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1047-20260515-core-incorrect-access-control-in-sample-data-plugins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-48899",
        "datePublished": "2026-05-26T16:44:06.616Z",
        "dateReserved": "2026-05-26T10:06:17.656Z",
        "dateUpdated": "2026-05-27T09:13:16.497Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48900 (GCVE-0-2026-48900)

    Vulnerability from cvelistv5 – Published: 2026-05-26 16:43 – Updated: 2026-05-27 09:12
    Title
    Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler
    Summary
    An improper access check allowed low-privileged users to edit the task types of existing scheduler tasks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 4.1.0-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    Federico Brasili, https://www.linkedin.com/in/federico-brasili-00b4b7332/

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48900",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T17:39:11.873493Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T17:39:19.945Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.0-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Federico Brasili, https://www.linkedin.com/in/federico-brasili-00b4b7332/"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper access check allowed low privileged users to edit the task types of existing scheduler tasks."
                }
              ],
              "value": "An improper access check allowed low privileged users to edit the task types of existing scheduler tasks."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:12:59.814Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1048-20260516-core-incorrect-access-control-in-com-scheduler.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-48900",
        "datePublished": "2026-05-26T16:43:51.153Z",
        "dateReserved": "2026-05-26T10:06:17.656Z",
        "dateUpdated": "2026-05-27T09:12:59.814Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48902 (GCVE-0-2026-48902)

    Vulnerability from cvelistv5 – Published: 2026-05-26 16:43 – Updated: 2026-06-05 07:28
    Title
    Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links
    Summary
    The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 3.9.0-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    @ZeroXJacks, https://github.com/ZeroXJacks

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48902",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-28T13:23:36.738591Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-319",
                    "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T11:58:08.395Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.9.0-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@ZeroXJacks, https://github.com/ZeroXJacks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The password and username reset features created plain http links for https connections if the \"Force SSL\" flag wasn\u0027t explicitly set."
                }
              ],
              "value": "The password and username reset features created plain http links for https connections if the \"Force SSL\" flag wasn\u0027t explicitly set."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T07:28:36.374Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1050-20260518-core-transport-encryption-downgrade-for-password-and-username-reset-links.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-48902",
        "datePublished": "2026-05-26T16:43:32.835Z",
        "dateReserved": "2026-05-26T10:06:17.656Z",
        "dateUpdated": "2026-06-05T07:28:36.374Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35223 (GCVE-0-2026-35223)

    Vulnerability from cvelistv5 – Published: 2026-05-26 16:43 – Updated: 2026-05-27 09:12
    Title
    Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints
    Summary
    An improper access check allows unauthorized access to com_config webservice endpoints.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Joomla! Project Joomla! CMS Affected: 4.0.0-5.4.5
    Affected: 6.0.0-6.1.0
    Credits
    Rishi Shakya, Qi Deng

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35223",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T03:55:48.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Joomla! CMS",
              "vendor": "Joomla! Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.0-5.4.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.0-6.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rishi Shakya"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Qi Deng"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper access check allows unauthorized access to com_config webservice endpoints."
                }
              ],
              "value": "An improper access check allows unauthorized access to com_config webservice endpoints."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T09:12:29.087Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://developer.joomla.org/security-centre/1040-20260508-core-improper-access-check-in-com-config-webservice-endpoints.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2026-35223",
        "datePublished": "2026-05-26T16:43:21.784Z",
        "dateReserved": "2026-04-01T19:23:13.196Z",
        "dateUpdated": "2026-05-27T09:12:29.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }