CVE-2026-21629

HIGH

Joomla! Core - [20260301] - ACL hardening in com_ajax

Title source: cna

Description

The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers.

References (1)

[Vendor Advisory] https://developer.joomla.org/security-centre/1027-20260301-core-acl-hardening-in-com-ajax.html

Scores

CVSS v3 7.3

EPSS 0.0000

EPSS Percentile 0.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (3)

joomla/joomla\! 3.0.0 - 5.4.4

Joomla! Project/Joomla! CMS 3.0.0-5.4.3

Joomla! Project/Joomla! CMS 6.0.0-6.0.3

Published Apr 01, 2026

Tracked Since Apr 01, 2026