Skip to main content

Easydiscuss CVE-2026-21626

HIGH
Information Exposure (CWE-200)
2026-02-06 security@joomla.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Feb 06, 2026 - 08:15 nvd
HIGH 7.5

DescriptionCVE.org

Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure

AnalysisAI

Easydiscuss fails to enforce access control restrictions on custom forum post fields when outputting data in JSON format, allowing unauthenticated remote attackers to retrieve sensitive information that should be restricted. This information disclosure vulnerability affects users whose forum configurations rely on field-level access controls. No patch is currently available for affected installations.

Technical ContextAI

Classified as CWE-200 (Information Exposure). Affects Easydiscuss. Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Share

CVE-2026-21626 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy