Executive Summary

CVE-2026-35223 is a security vulnerability in Joomla! CMS versions 4.0.0 to 5.4.5 and 6.0.0 to 6.1.0. It involves improper access checks in the com_config webservice endpoints, which allows unauthorized users to gain access to these endpoints.

This means that the system does not properly verify whether a user has the right permissions before allowing access to certain configuration webservice functions.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have a high impact because unauthorized users might gain access to sensitive configuration settings through the com_config webservice endpoints.

Such unauthorized access could lead to changes in system configuration, potentially compromising the security and stability of the Joomla! CMS installation.

However, the probability of exploitation is considered low.

Users are advised to upgrade to Joomla! versions 5.4.6 or 6.1.1 or later to mitigate this risk.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, users should upgrade Joomla! CMS to the fixed versions 5.4.6 or 6.1.1 or later.

This update addresses the improper access checks in the com_config webservice endpoints that allow unauthorized access.

Applying the update promptly reduces the risk of exploitation.

Useful 0 Not Useful 0

Compliance Impact

The provided information does not specify how the improper access check vulnerability in Joomla! CMS affects compliance with common standards and regulations such as GDPR or HIPAA.

Useful 0 Not Useful 0