CVE-2026-23898

HIGH

Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate

Title source: cna
STIX 2.1

Description

Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism.

References (1)

Scores

CVSS v3 7.2
EPSS 0.0000
EPSS Percentile 0.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-73
Status published
Products (3)
joomla/joomla\! 3.0.0 - 5.4.4
Joomla! Project/Joomla! CMS 4.0.0-5.4.3
Joomla! Project/Joomla! CMS 6.0.0-6.0.3
Published Apr 01, 2026
Tracked Since Apr 01, 2026