CVE-2026-21629— Joomla! Core - [20260301] - ACL hardening in com_ajax
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-21629
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Joomla! Core - [20260301] - ACL hardening in com_ajax
Source: NVD (National Vulnerability Database)
Vulnerability Description
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Joomla! CMS 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Joomla! CMS是Joomla!开源的一个内容管理系统。 Joomla! CMS存在访问控制错误漏洞,该漏洞源于管理区域中ajax组件被排除在默认登录用户检查之外,可能导致第三方开发者产生意外行为。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Joomla! Project | Joomla! CMS | 3.0.0-5.4.3 | - |
II. Public POCs for CVE-2026-21629
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-21629
请登录查看更多情报信息。
Advisory · 1
- [20260301] - Core - ACL hardening in com_ajaxvendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-21629
Same Patch Batch · Joomla! Project · 2026-04-01 · 6 CVEs total
| CVE-2026-21630 | Joomla! Core - [20260302] - SQL injection in com_content articles webservice endpoint | |
| CVE-2026-21631 | Joomla! Core - [20260303] - XSS vector in com_associations comparison view | |
| CVE-2026-21632 | Joomla! Core - [20260304] - XSS vectors in various article title outputs | |
| CVE-2026-23898 | Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate | |
| CVE-2026-23899 | Joomla! Core - [20260306] - Improper access check in webservice endpoints |
IV. Related Vulnerabilities
Same product: Joomla! CMS
- CVE-2026-21630
Joomla! Core - [20260302] - SQL injection in com_content art - CVE-2026-23898
Joomla! Core - [20260305] - Arbitrary file deletion in com_j - CVE-2026-23899
Joomla! Core - [20260306] - Improper access check in webserv - CVE-2026-21631
Joomla! Core - [20260303] - XSS vector in com_associations c - CVE-2026-21632
Joomla! Core - [20260304] - XSS vectors in various article t
Same vendor: Joomla! Project
- CVE-2026-21630
Joomla! Core - [20260302] - SQL injection in com_content art - CVE-2026-23898
Joomla! Core - [20260305] - Arbitrary file deletion in com_j - CVE-2026-23899
Joomla! Core - [20260306] - Improper access check in webserv - CVE-2026-21631
Joomla! Core - [20260303] - XSS vector in com_associations c - CVE-2026-21632
Joomla! Core - [20260304] - XSS vectors in various article t
Same weakness: CWE-284
- CVE-2026-8752
h2oai h2o-3 Rapids setproperty Primitive AstSetProperty.java - CVE-2026-45301
Open WebUI: Missing permission check in files API allows aut - CVE-2026-44556
Open WebUI: responses passthrough endpoint lacks access cont - CVE-2026-44774
Traefik: Gateway API TraefikService backend accepts rest@int - CVE-2025-0040
NXP JTAG-AXI访问控制漏洞
V. Comments for CVE-2026-21629
No comments yet