CVE-2026-21628

Published: Mar 5, 2026Modified: Mar 13, 2026

10.0

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:XShow less

Source: security@joomla.org (Secondary)

Description

A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution.

Affected (1)

Products: Templaza: Astroid Framework

1 product

Astroid Framework

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Templaza Astroid Framework	From 2.0.0 to 3.3.10

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (1)

https://astroidframe.work

Source: security@joomla.org

Product

Timeline

No history available yet.