vulnerability

Joomla!: [20260301] - Core - ACL hardening in com_ajax (CVE-2026-21629)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Apr 1, 2026

Added

Apr 1, 2026

Modified

Apr 10, 2026

Description

The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers.

Solutions

joomla-upgrade-5_4_4joomla-upgrade-6_0_4

References

CVE-2026-21629
https://attackerkb.com/topics/CVE-2026-21629
CWE-284
EUVD-EUVD-2026-17853
http://developer.joomla.org/security-centre/1027-20260301-core-acl-hardening-in-com-ajax.html
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-17853

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report