← Back

CVE-2026-21626

nvd nist
Published: Feb 6, 2026Modified: Feb 18, 2026

JSON object

Loading...
9.2
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: security@joomla.org (Secondary)

Description

Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure

Affected (1)

Stackideas
1 product
Easydiscuss
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Easydiscuss
From 1.0.0 to 5.0.15

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (1)

Source: security@joomla.org
Product

Timeline

No history available yet.