Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2026-35221: SQL Injection in com_finder Search Queries

CVE-2026-35221

Summary

The com_finder module in Joomla has a search query vulnerability. This means that an attacker could manipulate the search query to access sensitive data or perform unauthorized actions. To protect your site, update the com_finder module to the latest version or apply a patch to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions
joomla	joomla\!	>= 3.0.0, < 5.4.6 >= 6.0.0, < 6.1.1 `cpe:2.3:a:joomla:joomla\!::::::::`

Original title

Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.

Original description

Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.

nvd CVSS4.0 6.9

Vulnerability type

CWE-89 SQL Injection

https://developer.joomla.org/security-centre/1038-20260506-core-authenticated-bl...

Published: 26 May 2026 · Updated: 28 May 2026 · First seen: 26 May 2026