CVE-2026-23899
Improper Access Control in Joomla Webservice Enables Unauthorized Access
Publication date: 2026-04-01
Last updated on: 2026-04-09
Assigner: Joomla! Project
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| joomla | joomla! | From 3.0.0 (inc) to 5.4.4 (exc) |
| joomla | joomla! | From 6.0.0 (inc) to 6.0.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-23899 is a high-severity security vulnerability in Joomla! CMS versions 4.0.0 through 5.4.3 and 6.0.0 through 6.0.3. It involves an improper access check in the webservice endpoints, which means that the access control mechanisms are incorrectly implemented. As a result, unauthorized users can gain access to these webservice endpoints that they should not be able to access.
How can this vulnerability impact me? :
This vulnerability can allow unauthorized users to access webservice endpoints in Joomla! CMS, potentially exposing sensitive data or functionality that should be restricted. Such unauthorized access can lead to data breaches, manipulation of data, or disruption of services depending on what the webservice endpoints control.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves improper access checks on Joomla! webservice endpoints allowing unauthorized access. Detection would involve checking if your Joomla! installation is within the affected versions (4.0.0 through 5.4.3 and 6.0.0 through 6.0.3) and testing access to webservice endpoints without proper authorization.
Specific commands or automated detection scripts are not provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately upgrade your Joomla! installations to version 5.4.4 or 6.0.4, where the improper access check issue has been fixed.
Contact the Joomla! Security Centre (JSST) for further guidance if needed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthorized access to webservice endpoints due to improper access checks. Such unauthorized access can lead to exposure or compromise of sensitive data, which may impact compliance with data protection regulations like GDPR and HIPAA that require strict access controls and protection of personal and health information.
Failure to properly restrict access could result in violations of these standards, potentially leading to legal and financial consequences for organizations using affected Joomla! versions.