Cyber Posture

CVE-2026-23899

Severity: High
Published: 01 April 2026
Modified: 09 April 2026
KEV Added: not listed
Patch: see the Joomla Security Centre advisory cited under Deeper analysis
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0000 (0.0th percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-23899 is a high-severity Improper Access Control (CWE-284) vulnerability in Joomla! core. Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The EPSS score of 0.0000 places it at the 0.0th percentile, the bottom of the distribution; a score of exactly zero for a CVE published this recently is more likely a not-yet-scored placeholder than a measured probability, so the Risk Priority above, which weights EPSS at 60%, should be read with that in mind. It is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI-generated)

AC-3 Access Enforcement · prevent
Directly addresses the improper access check by requiring the system to enforce approved authorizations for logical access to webservice endpoints.

SI-2 Flaw Remediation · prevent
Mandates identification, reporting, and correction of flaws like this improper access check through timely patching of the affected Joomla core components.

AC-6 Least Privilege · prevent
Limits the damage a low-privilege account can do by enforcing least privilege, which narrows the scope of what an unauthorized caller can reach through the webservice endpoints.

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct match to exploitation of a vulnerable public-facing web service endpoint in Joomla for unauthorized access and high-impact actions.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An improper access check allows unauthorized access to webservice endpoints.

Deeper analysis (AI-generated)

CVE-2026-23899 is an improper access check (CWE-284) in the Joomla core webservice endpoints, published on 01 April 2026. It permits unauthorized access to those endpoints and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H): reachable over the network, low attack complexity, and high impact on confidentiality, integrity, and availability.

The vector requires low privileges (PR:L), for example an account able to authenticate to the site's API, plus network access and no user interaction. A successful call reaches endpoints the caller should not be authorized for, with outcomes that can include data exposure, modification, or disruption of services on the affected Joomla instance.

The Joomla Security Centre advisory (https://developer.joomla.org/security-centre/1032-20260306-core-improper-access-check-in-webservice-endpoints.html) is the primary reference and should be consulted for the fixed releases. The affected ranges listed under Affected Products end at 5.4.4 and 6.0.4, so remediation means upgrading to a later release in a supported line. Note that the 3.0.0 lower bound predates the Web Services API introduced in Joomla 4.0 and that the 3.x series is end-of-life; a 3.x site should be treated as unsupported rather than as patched.
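The two checks a practitioner runs first are whether the installed Joomla! version falls inside the affected ranges and who has been calling the Web Services API. The following Python is an added example, not code from the Cyber Posture page or from the Joomla project. It assumes Joomla! 4 and later keep their version constants in libraries/src/Version.php and serve the API under /api/index.php; the Version.php excerpt and the access-log lines are constructed samples, and the affected ranges are treated as inclusive, as the page presents them.

```python
"""Triage helper for CVE-2026-23899 (Joomla! improper access check in web service endpoints).

Added example, not part of the Cyber Posture page or the Joomla project.
  1. Is the installed Joomla! version inside the affected ranges the page lists
     (3.0.0 to 5.4.4 and 6.0.0 to 6.0.4)?
  2. Which clients have been hitting the Joomla! Web Services API (/api/index.php/...)?
The Version.php excerpt and the log lines below are constructed samples.
"""
import re
from collections import Counter
from typing import Optional

# Affected ranges as published on the page, treated as inclusive.
AFFECTED_RANGES = [((3, 0, 0), (5, 4, 4)), ((6, 0, 0), (6, 0, 4))]


def parse_version(text: str) -> tuple:
    """Turn '5.4.10' (or '5.4.10-rc1') into a comparable tuple (5, 4, 10).

    Comparing tuples rather than strings is the point: as strings '5.4.10' < '5.4.4',
    which would wrongly mark a patched 5.4.10 as affected.
    """
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True when the version lies inside any published affected range."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


# Assumption: Joomla! 4+ exposes its version as constants in libraries/src/Version.php.
_VERSION_CONST = re.compile(r"const\s+(MAJOR|MINOR|PATCH)_VERSION\s*=\s*(\d+)")


def version_from_version_php(source: str) -> Optional[str]:
    """Extract 'MAJOR.MINOR.PATCH' from the text of libraries/src/Version.php."""
    found = dict(_VERSION_CONST.findall(source))
    if not {"MAJOR", "MINOR", "PATCH"} <= set(found):
        return None
    return f"{found['MAJOR']}.{found['MINOR']}.{found['PATCH']}"


# Combined log format: ip - user [time] "METHOD path HTTP/x" status bytes
_LOG = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def api_hits(log_lines):
    """Count requests to the Joomla! Web Services API per (client, method, status).

    Only /api/index.php paths are counted; ordinary site traffic is ignored and
    unparseable lines are skipped. Returns a Counter keyed by (ip, method, status).
    """
    hits = Counter()
    for line in log_lines:
        m = _LOG.match(line)
        if not m:
            continue
        ip, method, path, status = m.groups()
        if path.startswith("/api/index.php"):
            hits[(ip, method, int(status))] += 1
    return hits


# Constructed excerpt in the shape of libraries/src/Version.php (assumption about layout).
SAMPLE_VERSION_PHP = """
class Version
{
    public const MAJOR_VERSION = 5;
    public const MINOR_VERSION = 4;
    public const PATCH_VERSION = 4;
    public const EXTRA_VERSION = '';
}
"""

# Constructed access-log lines; addresses are from documentation ranges.
SAMPLE_LOG = [
    '203.0.113.10 - - [02/Apr/2026:10:00:01 +0000] "GET /index.php/blog HTTP/1.1" 200 5120',
    '203.0.113.10 - - [02/Apr/2026:10:00:02 +0000] "GET /api/index.php/v1/content/articles HTTP/1.1" 200 8740',
    '203.0.113.10 - - [02/Apr/2026:10:00:03 +0000] "GET /api/index.php/v1/users HTTP/1.1" 200 2210',
    '198.51.100.7 - - [02/Apr/2026:10:01:00 +0000] "GET /api/index.php/v1/users HTTP/1.1" 401 120',
    "not a log line",
]

if __name__ == "__main__":
    installed = version_from_version_php(SAMPLE_VERSION_PHP)
    print(f"installed {installed}: affected={is_affected(installed)}")
    for (ip, method, status), n in sorted(api_hits(SAMPLE_LOG).items()):
        print(f"{ip:15} {method:5} {status} x{n}")
```

Run it against the real Version.php and access log by reading those files into `version_from_version_php` and `api_hits`; clients with successful (2xx) API responses that are not known integrations are the first ones to review.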

Details

CWE(s): CWE-284 Improper Access Control

Affected Products

Vendor: Joomla
Product: Joomla!
Versions: 3.0.0 to 5.4.4 · 6.0.0 to 6.0.4

CVEs Like This One

CVE-2026-21629 (same product: Joomla!)
CVE-2024-40749 (same product: Joomla!)
CVE-2026-21630 (same product: Joomla!)
CVE-2024-40748 (same product: Joomla!)
CVE-2026-23898 (same product: Joomla!)
CVE-2025-24411 (same product class: CMS core)
CVE-2026-21289 (same product class: CMS core)
CVE-2026-21309 (same product class: CMS core)
CVE-2024-8855 (same product class: CMS core)
CVE-2025-24409 (same product class: CMS core)

References

Joomla Security Centre advisory, Core: improper access check in webservice endpoints: https://developer.joomla.org/security-centre/1032-20260306-core-improper-access-check-in-webservice-endpoints.html