Skip to main content

Joomla CVE-2026-21627

Improper Access Control (CWE-284)
2026-02-20 security@joomla.org
Joomla

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:04 vuln.today
CVE Published
Feb 20, 2026 - 15:20 nvd
N/A

DescriptionNVD

The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s com_ajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction.

Analysis

The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s com_ajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-21627 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy