CVE-2026-21626

Summary

Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure

Affected Software

VendorProductVersion RangeStatus
Stackideas.comEasyDiscuss extension for Joomla1.0.0-5.0.15affected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References