Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2026-35222: Drupal com_tags SQL Injection Risk

CVE-2026-35222

Summary

The Drupal com_tags module is vulnerable to SQL injection attacks if it doesn't properly validate user input. This means that an attacker could potentially inject malicious SQL code into the system, allowing them to access or modify sensitive data. To fix this, update the com_tags module to the latest version or apply the recommended patch.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions
joomla	joomla\!	>= 3.0.0, < 5.4.6 >= 6.0.0, < 6.1.1 `cpe:2.3:a:joomla:joomla\!::::::::`

Original title

Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.

Original description

Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.

nvd CVSS4.0 6.9

Vulnerability type

CWE-89 SQL Injection

https://developer.joomla.org/security-centre/1039-20260507-core-authenticated-bl...

Published: 26 May 2026 · Updated: 27 May 2026 · First seen: 26 May 2026