CVE-2026-21626

Critical CVSS: 9.2

Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure

Vendor

Stackideas

Product

Easydiscuss

CWE

CWE-200

Yayın Tarihi

2026-02-06 08:15:53

Güncelleme

2026-02-18 17:26:54

Source Identifier

security@joomla.org

KEV Date Added

Kategoriler

CWE-200 Easydiscuss CRITICAL Stackideas 2026

Referanslar

https://stackideas.com/easydiscuss

Benzer Kayıtlar

Medium

CVE-2026-21625

User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by…

Critical

CVE-2026-21623

Lack of input filterung leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component…

Critical

CVE-2026-21624

Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss com…