CVE-2026-23899

Published: Apr 1, 2026Modified: Apr 9, 2026

8.6

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: security@joomla.org (Secondary)

Description

An improper access check allows unauthorized access to webservice endpoints.

Affected (2)

Products: Joomla: Joomla!

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Joomla Joomla!	From 3.0.0 to 5.4.4
Joomla Joomla!	From 6.0.0 to 6.0.4

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

https://developer.joomla.org/security-centre/1032-20260306-core-improper-access-check-in-webservice-endpoints.html

Source: security@joomla.org

Vendor Advisory

Timeline

No history available yet.