Joomla Güvenlik Duyuruları

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Moderate
    • Probability: Low
    • Versions: 4.0.0-5.4.6, 6.0.0-6.1.1
    • Exploit type: Incorrect Access Control
    • Reported Date: 2026-05-05
    • Fixed Date: 2026-07-07
    • CVE Number: CVE-2026-48958

    Description

    An improper access check allows unauthorized users to create custom fields via webservices endpoints.

    Affected Installs

    Joomla! CMS versions 4.0.0-5.4.6, 6.0.0-6.0.0-6.1.1

    Solution

    Upgrade to version 5.4.7, 6.1.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  Federico Brasili
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Moderate
    • Probability: Low
    • Versions: 4.0.0-5.4.6, 6.0.0-6.1.1
    • Exploit type: Incorrect Access Control
    • Reported Date: 2026-06-12
    • Fixed Date: 2026-07-07
    • CVE Number: CVE-2026-48957

    Description

    An improper access check allows unauthorized users to access com_privacy datasets.

    Affected Installs

    Joomla! CMS versions 4.0.0-5.4.6, 6.0.0-6.0.0-6.1.1

    Solution

    Upgrade to version 5.4.7, 6.1.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  Himanshu Anand
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Moderate
    • Probability: Low
    • Versions: 4.0.0-5.4.6, 6.0.0-6.1.1
    • Exploit type: Incorrect Access Control
    • Reported Date: 2026-05-22
    • Fixed Date: 2026-07-07
    • CVE Number: CVE-2026-48956

    Description

    An improper access check allows users to display a list of modules in the frontend.

    Affected Installs

    Joomla! CMS versions 4.0.0-5.4.6, 6.0.0-6.0.0-6.1.1

    Solution

    Upgrade to version 5.4.7, 6.1.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  Warisjeet Singh (sin99xx)
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Moderate
    • Probability: Low
    • Versions: 6.0.0-6.1.1
    • Exploit type: Incorrect Access Control
    • Reported Date: 2026-04-22
    • Fixed Date: 2026-07-07
    • CVE Number: CVE-2026-48955

    Description

    An improper access check allows unauthorized users to access workflow stage and transition information.

    Affected Installs

    Joomla! CMS versions 6.0.0-6.1.1

    Solution

    Upgrade to version 6.1.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  廖双
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Moderate
    • Probability: Low
    • Versions: 3.0.0-5.4.6,6.0.0-6.1.1
    • Exploit type: XSS
    • Reported Date: 2026-05-15
    • Fixed Date: 2026-07-07
    • CVE Number: CVE-2026-48954

    Description

    Improper validation leads to a generic XSS vector in the language override feature.

    Affected Installs

    Joomla! CMS versions 3.0.0-5.4.5,6.0.0-6.1.1

    Solution

    Upgrade to version 5.4.7, 6.1.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  Morris Baumgarten-Egemole