EUVD-2026-17863
Improper Access Control (CWE-284)
2026-04-01
Joomla
8.6
CVSS 4.0 · NVD
Share
Severity by source
NVD
PRIMARY
8.6
HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X
Lifecycle Timeline
3
EUVD ID Assigned
Apr 01, 2026 - 10:00 euvd
EUVD-2026-17863
Analysis Generated
Apr 01, 2026 - 10:00 vuln.today
CVE Published
Apr 01, 2026 - 09:03 nvd
HIGH 8.6
DescriptionCVE.org
An improper access check allows unauthorized access to webservice endpoints.
AnalysisAI
Improper access control in Joomla! CMS webservice endpoints allows unauthorized attackers to bypass authentication and access protected API functionality without valid credentials. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Access
Authenticate as high-privileged user
Exploit
Send request to protected webservice endpoint
Execution
Bypass access control checks
Impact
Access unauthorized resources
Access
Authenticate as high-privileged user
Exploit
Send request to protected webservice endpoint
Execution
Bypass access control checks
Impact
Access unauthorized resources
Vulnerability AssessmentAI
| Exploitation | Attacker requires high-privilege credentials or administrative access to the system. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | While CVSS and EPSS scores are not available for this CVE, the vulnerability presents significant real-world risk due to its nature as an authentication bypass. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker discovers the webservice endpoint vulnerability and crafts HTTP requests to Joomla! webservice APIs that normally require administrative authentication. … |
| Remediation | Apply the vendor-released security patch from Joomla! … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).