{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21630", "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586", "state": "PUBLISHED", "assignerShortName": "Joomla", "dateReserved": "2026-01-01T04:42:27.960Z", "datePublished": "2026-04-01T09:03:49.098Z", "dateUpdated": "2026-04-01T19:33:26.760Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Joomla! CMS", "vendor": "Joomla! Project", "versions": [{"status": "affected", "version": "4.0.0-5.4.3"}, {"status": "affected", "version": "6.0.0-6.0.3"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Antonio Morales from GitHub Security Lab Taskflow Agent"}, {"lang": "en", "type": "finder", "value": "vnth4nhnt from CyStack"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint."}], "value": "Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint."}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586", "shortName": "Joomla", "dateUpdated": "2026-04-01T19:33:26.760Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://developer.joomla.org/security-centre/1028-20260302-core-sql-injection-in-com-content-articles-webservice-endpoint.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Joomla! Core - [20260302] - SQL injection in com_content articles webservice endpoint", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T12:40:10.198406Z", "id": "CVE-2026-21630", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T12:40:42.222Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21630", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-01T12:40:10.198406Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T12:40:27.261Z"}}], "cna": {"title": "Joomla! Core - [20260302] - SQL injection in com_content articles webservice endpoint", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Antonio Morales from GitHub Security Lab Taskflow Agent"}, {"lang": "en", "type": "finder", "value": "vnth4nhnt from CyStack"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Joomla! Project", "product": "Joomla! CMS", "versions": [{"status": "affected", "version": "4.0.0-5.4.3"}, {"status": "affected", "version": "6.0.0-6.0.3"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://developer.joomla.org/security-centre/1028-20260302-core-sql-injection-in-com-content-articles-webservice-endpoint.html", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint.", "supportingMedia": [{"type": "text/html", "value": "Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586", "shortName": "Joomla", "dateUpdated": "2026-04-01T19:33:26.760Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21630", "state": "PUBLISHED", "dateUpdated": "2026-04-01T19:33:26.760Z", "dateReserved": "2026-01-01T04:42:27.960Z", "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586", "datePublished": "2026-04-01T09:03:49.098Z", "assignerShortName": "Joomla"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint."}], "id": "CVE-2026-21630", "lastModified": "2026-04-01T14:23:37.727", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@joomla.org", "type": "Secondary"}]}, "published": "2026-04-01T10:16:15.943", "references": [{"source": "security@joomla.org", "url": "https://developer.joomla.org/security-centre/1028-20260302-core-sql-injection-in-com-content-articles-webservice-endpoint.html"}], "sourceIdentifier": "security@joomla.org", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security@joomla.org", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.0.0,5.4.3]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[6.0.0,6.0.3]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Joomla! CMS", "source": "cna", "vendor": "Joomla! Project"}, "product": "joomla!", "vendor": "joomla"}], "analysis": {"en": {"generated_at": "2026-04-01T10:50:57.026111+00:00", "value": {"mitigation_remediation": ["Apply the latest Joomla! CMS update that contains the fix for the SQL injection in com_content.", "Restrict access to the com_content articles webservice endpoint so that only authenticated users can reach it or block the endpoint entirely if it is not needed.", "Deploy a web application firewall rule set that detects and blocks suspicious SQL injection attempts targeting ORDER clauses.", "Monitor server logs for anomalous SQL query patterns or requests directed at the com_content endpoint."], "summary": {"action": "Immediate Patch", "impact": "Data compromise"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Joomla! CMS, specifically the com_content component\u2019s articles webservice endpoint. There is no version information provided in the advisory, so any release prior to the fixed update may be vulnerable.", "description_and_impact": "Improperly constructed order clauses in the Joomla! CMS com_content articles webservice endpoint allow a SQL injection that can be used to read or alter data stored in the site's database. If exploited, an attacker could extract sensitive article content, user information, or modify site content, leading to hidden data exposure or content tampering. The weakness corresponds to CWE-89, which represents unsanitized input in SQL statements.", "risk_and_exploitability": "The CVSS score of 6.9 indicates medium to high severity. EPSS information is not available. The flaw is not listed in CISA\u2019s KEV catalog. The likely attack path is through an exposed webservice endpoint over HTTP or HTTPS. Exploitation requires the attacker to craft a malicious request containing a vulnerable ORDER clause; the advisory does not specify authentication requirements, so the endpoint may be reachable without user credentials. Because the flaw permits unauthorized data access or modification, the risk is significant for sites that expose the endpoint publicly."}}}}, "created": "2026-04-02T07:49:25.727969+00:00", "updated": "2026-04-03T08:58:38.993302+00:00", "vendors": ["joomla", "joomla$PRODUCT$joomla!"]}