CVE-2026-23899: Improper Access Check in Joomla! com_config Webservices

Vulnerability ID: CVE-2026-23899
CVSS Score: 8.8
Published: 2026-04-01

CVE-2026-23899 is a critical authorization bypass vulnerability within the Joomla! CMS webservice API. Due to an improper access check in the com_config component, authenticated low-privileged users can read and modify the global configuration, leading to the exposure of database credentials and the application secret key.

TL;DR

An authorization bypass in Joomla! webservice endpoints allows authenticated low-privileged users to read and modify sensitive configuration settings, resulting in total system compromise.

⚠️ Exploit Status: POC

Technical Details

CWE ID: CWE-284
Attack Vector: Network
Privileges Required: Low (API Token)
CVSS v3.1 Score: 8.8
EPSS Score: 0.00001
Exploit Status: Proof of Concept

Affected Systems

Joomla! CMS

Joomla! CMS: 4.0.0 - 5.4.3 (Fixed in: 5.4.4)
Joomla! CMS: 6.0.0 - 6.0.3 (Fixed in: 6.0.4)

Mitigation Strategies

Upgrade Joomla!…
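
To check a site inventory against the affected ranges listed above, the following added example (not part of the original advisory or of Joomla! itself) classifies reported version strings. The site names and sample versions are constructed, and flagging a pre-release build of a fixed version for manual review is an assumption of this example.

```python
import re

# Affected ranges (inclusive) and fixed releases, copied from the advisory above.
AFFECTED = [
    ((4, 0, 0), (5, 4, 3), (5, 4, 4)),
    ((6, 0, 0), (6, 0, 3), (6, 0, 4)),
]

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(.*)$")


def triage(version_text):
    """Return (status, fixed_release or None) for one reported version string."""
    m = VERSION_RE.match(version_text.strip())
    if not m:
        return ("unparseable", None)
    core = tuple(int(part) for part in m.group(1, 2, 3))
    suffix = m.group(4)
    for low, high, fixed in AFFECTED:
        fixed_text = ".".join(str(part) for part in fixed)
        if low <= core <= high:
            return ("affected", fixed_text)
        # Assumption: the advisory names the final fixed release only, so a
        # build such as 5.4.4-rc1 is flagged for a manual check.
        if core == fixed and suffix:
            return ("review", fixed_text)
    # Not inside any range the advisory lists (this includes the fixed releases).
    return ("outside-range", None)


def audit(inventory):
    """Map each site name to its triage result."""
    return {site: triage(version) for site, version in inventory.items()}


# Constructed sample inventory (site names and versions are made up).
INVENTORY = {
    "intranet": "5.4.3",
    "shop": "5.4.4",
    "blog": "6.0.2",
    "legacy": "3.10.12",
    "staging": "6.0.4-rc1",
    "unknown-host": "n/a",
}

if __name__ == "__main__":
    for site, (status, fixed) in audit(INVENTORY).items():
        note = f" (fixed in {fixed})" if fixed else ""
        print(f"{site:13} {INVENTORY[site]:10} {status}{note}")
```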