← Back

CVE-2026-21625

nvd nist
Published: Jan 16, 2026Modified: Jan 30, 2026

JSON object

Loading...
4.8
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: security@joomla.org (Secondary)

Description

User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening.

Affected (1)

Stackideas
1 product
Easydiscuss
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Easydiscuss
From 1.0.0 to 5.0.15

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (1)

Source: security@joomla.org
Third Party Advisory

Timeline

No history available yet.