EUVD-2026-17853
2026-04-01
Joomla
6.3
CVSS 4.0
Share
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X
Lifecycle Timeline
3
Analysis Generated
Apr 01, 2026 - 10:00 vuln.today
EUVD ID Assigned
Apr 01, 2026 - 10:00 euvd
EUVD-2026-17853
CVE Published
Apr 01, 2026 - 09:03 nvd
MEDIUM 6.3
Description
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers.
Analysis
Joomla CMS fails to enforce authenticated user checks on the AJAX component in the administrative area, allowing potential authentication bypass and unauthorized access to sensitive functionality. Third-party developers expecting default access controls may expose administrative features to unauthenticated or unauthorized users. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
32
Low
Medium
High
Critical
KEV: 0
EPSS: +0.0
CVSS: +32
POC: 0
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).