CVE-2026-21630
Published 2026-04-01
CVE-2026-21630: Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint.
Priority P3 · 53 · high · 8.8 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS 0.34% (26.0th percentile)
Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomla!_project | joomla!_cms | — | — |
| joomla!_project | joomla!_cms | — | — |
| joomla | joomla_! | >= 3.0.0 < 5.4.4 | 5.4.4 |
| joomla | joomla_! | >= 6.0.0 < 6.0.4 | 6.0.4 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 6.9 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-21632 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2026-21632 [MEDIUM] CVE-2026-21632 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21632: Joomla vulnerability analysis and mitigation
Lack of output escaping for article titles leads to XSS vectors in various locations.
Source: NVD
Score 5.9
Published April 1, 2026
Severity MEDIUM
CNA Score 5.9
Affected Technologies
Joomla
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:joomla:joomla\!
Sources
NVD
Linux No Fix Added at: Apr 02, 2026
Windows No Fix Added at: Apr 02, 2026
Wiz
CVE-2026-21630 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2026-21630 [MEDIUM] CVE-2026-21630 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21630: Joomla vulnerability analysis and mitigation
Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint.
Source: NVD
Score 6.9
Published April 1, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
Joomla
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:joomla:joomla\!
Sources
NVD
Linux No Fix Added at: Apr 02, 2026
Windows No Fix Added at: Apr 02, 2026
Wiz
CVE-2026-23899 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2026-23899 [MEDIUM] CVE-2026-23899 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23899: Joomla vulnerability analysis and mitigation
An improper access check allows unauthorized access to webservice endpoints.
Source: NVD
Score 8.6
Published April 1, 2026
Severity HIGH
CNA Score 8.6
Affected Technologies
Joomla
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:joomla:joomla\!
Sources
NVD
Linux No Fix Added at: Apr 02, 2026
Windows No Fix Added at: Apr 02, 2026
Wiz
CVE-2025-63083 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.9
CVE-2025-63083 [MEDIUM] CVE-2025-63083 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-63083: Joomla vulnerability analysis and mitigation
Lack of output escaping leads to an XSS vector in the pagebreak plugin.
Source: NVD
Score 5.9
Published January 6, 2026
Severity MEDIUM
CNA Score 5.9
Affected Technologies
Joomla
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:joomla:joomla\!
Sources
Linux Severity MEDIUM Has Fix Added at: Jan 07, 2026
Windows Severity MEDIUM Has Fix Added at: Jan 07, 2026
Linux Severity MEDIUM Has Fix Added at: Feb 02, 2026
Windows Severity MEDIUM Has Fix Added at: Feb 02, 2026
Wiz
CVE-2026-21631 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2026-21631 [MEDIUM] CVE-2026-21631 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21631: Joomla vulnerability analysis and mitigation
Lack of output escaping leads to an XSS vector in the multilingual associations component.
Source: NVD
Score 5.9
Published April 1, 2026
Severity MEDIUM
CNA Score 5.9
Affected Technologies
Joomla
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:joomla:joomla\!
Sources
NVD
Linux No Fix Added at: Apr 02, 2026
Windows No Fix Added at: Apr 02, 2026
Wiz
CVE-2026-23898 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2026-23898 [MEDIUM] CVE-2026-23898 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23898: Joomla vulnerability analysis and mitigation
Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism.
Source: NVD
Score 8.6
Published April 1, 2026
Severity HIGH
CNA Score 8.6
Affected Technologies
Joomla
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:joomla:joomla\!
Sources
NVD
Linux No Fix Added at: Apr 02, 2026
Windows No Fix Added at: Apr 02, 2026
Wiz
CVE-2025-63082 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.9
CVE-2025-63082 [MEDIUM] CVE-2025-63082 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-63082: Joomla vulnerability analysis and mitigation
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.
Source: NVD
Score 5.9
Published January 6, 2026
Severity MEDIUM
CNA Score 5.9
Affected Technologies
Joomla
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:joomla:joomla\!
Sources
Linux Severity MEDIUM Has Fix Added at: Jan 07, 2026
Windows Severity MEDIUM Has Fix Added at: Jan 07, 2026
Linux Severity MEDIUM Has Fix Added at: Feb 02, 2026
Windows Severity MEDIUM Has Fix Added at: Feb 02, 2026
Wiz
CVE-2026-21629 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.3
CVE-2026-21629 [MEDIUM] CVE-2026-21629 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21629: Joomla vulnerability analysis and mitigation
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers.
Source: NVD
Score 6.3
Published April 1, 2026
Severity MEDIUM
CNA Score 6.3
Affected Technologies
Joomla
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:joomla:joomla\!
Sources
NVD
Linux No Fix Added at: Apr 02, 2026
Windows No Fix Added at: Apr 02, 2026
2026-04-01
Published