CVE-2026-21627

Summary

The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s com_ajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction.

Affected Software

VendorProductVersion RangeStatus
tassos.grNovarain/Tassos Framework (plg_system_nrframework)4.10.14–6.0.37affected
tassos.grConvert Forms3.2.12–5.1.0affected
tassos.grEngageBox6.0.0–7.1.0affected
tassos.grGoogle Structured Data5.1.7–6.1.0affected
tassos.grAdvanced Custom Fields2.2.0–3.1.0affected
tassos.grSmile Pack1.0.0–2.1.0affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References