CVE-2026-21626 | THREATINT

Description

Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure

PUBLISHED Reserved 2026-01-01 | Published 2026-02-06 | Updated 2026-02-20 | Assigner Joomla

CRITICAL: 9.2CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Problem types

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status

unaffected

1.0.0-5.0.15

affected

Credits

creative-graphics.ch finder

djumla.de finder

References

stackideas.com/easydiscuss product

cve.org (CVE-2026-21626)

nvd.nist.gov (CVE-2026-21626)

Download JSON