CVSS score: 8.6
CVE-2026-35223: Unauthorized Access to Joomla com_config Endpoints
CVE-2026-35223
Summary
An issue in Joomla's com_config webservice endpoints allows attackers to access and potentially modify configuration settings without proper authorization. This could lead to unauthorized changes to the website's settings, potentially causing disruptions or security risks. Joomla administrators should update to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| joomla | joomla\! | >= 4.0.0, < 5.4.6; >= 6.0.0, < 6.1.1 (`cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*`) |
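To triage a host against the affected ranges listed above, the following added example (not part of the original advisory or of Joomla's own code) reads the core version from each site's manifest and reports whether it falls inside a range. It assumes the standard Joomla 4+ layout, where the version is in `administrator/manifests/files/joomla.xml`; the function names are illustrative.

```python
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Affected ranges copied from the table above: (inclusive lower, exclusive upper).
AFFECTED = [((4, 0, 0), (5, 4, 6)), ((6, 0, 0), (6, 1, 1))]
# Assumption: standard Joomla 4+ layout; the core manifest carries <version>.
MANIFEST = Path("administrator/manifests/files/joomla.xml")

def parse_version(text):
    """Return (major, minor, patch) from strings like '5.4.5' or '6.1'.

    Pre-release suffixes such as '-rc1' are ignored, so review pre-release
    builds of the boundary versions by hand.
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version):
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED)

def site_version(site_root):
    """Read <version> from the core manifest; None if missing or malformed."""
    try:
        return ET.parse(str(Path(site_root) / MANIFEST)).getroot().findtext("version")
    except (OSError, ET.ParseError):
        return None

def audit(site_roots):
    """Map each site root to (version, 'affected' | 'not affected' | 'unknown')."""
    report = {}
    for root in site_roots:
        ver = site_version(root)
        try:
            state = "affected" if is_affected(ver) else "not affected"
        except ValueError:
            state = "unknown"  # no manifest or unparsable version: check manually
        report[str(root)] = (ver, state)
    return report

if __name__ == "__main__":
    # Usage: python check_joomla.py /var/www/site1 /var/www/site2
    for root, (ver, state) in audit(sys.argv[1:]).items():
        print(f"{root}\t{ver or '-'}\t{state}")
```

A result of `unknown` means the manifest was not found or could not be parsed, not that the site is safe.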
Original title
An improper access check allows unauthorized access to com_config webservice endpoints.
Original description
An improper access check allows unauthorized access to com_config webservice endpoints.
nvd CVSS4.0
8.6
Vulnerability type
CWE-284
Improper Access Control
Published: 26 May 2026 · Updated: 30 May 2026 · First seen: 26 May 2026