Cyber Resilience

CVE-2026-23899 (Severity: High)

Published: 01 April 2026
Modified: 09 April 2026
KEV Added: not listed in the CISA KEV catalog
Patch: see the vendor advisory under Deeper analysis
CVSS Score (v4.0): 8.6
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0040 (31.8th percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-23899 is a high-severity Improper Access Control (CWE-284) vulnerability in Joomla! (vendor: Joomla). Its CVSS v4.0 base score is 8.6 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 31.8th percentile by exploit likelihood, below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-23899 is an improper access check vulnerability (CWE-284) in the Joomla core webservice endpoints, published on 2026-04-01. It enables unauthorized access to these endpoints and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), alongside the CVSS v4.0 score of 8.6 listed above. Both ratings indicate high severity: the endpoints are network-reachable, the attack is low-complexity, and a successful exploit can have significant impact on confidentiality, integrity, and availability.

The vulnerability can be exploited by an attacker with low privileges, such as an authenticated user, who requires only network access and no user interaction. Exploitation grants unauthorized access to sensitive webservice endpoints, allowing high-impact outcomes including data exposure, modification, or disruption of services on the affected Joomla instance.

The primary advisory from the Joomla Security Centre (https://developer.joomla.org/security-centre/1032-20260306-core-improper-access-check-in-webservice-endpoints.html) details the issue and likely includes patch recommendations for affected Joomla versions. Security practitioners should review this reference for specific mitigation guidance, such as applying updates to core components.

Vulnerability details

An improper access check allows unauthorized access to webservice endpoints.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct match to exploitation of a vulnerable public-facing web service endpoint in Joomla for unauthorized access and high-impact actions.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

- CVE-2024-40749 (same product: Joomla!)
- CVE-2026-21629 (same product: Joomla!)
- CVE-2026-48904 (same product: Joomla!)
- CVE-2026-48899 (same product: Joomla!)
- CVE-2026-35221 (same product: Joomla!)
- CVE-2026-48898 (same product: Joomla!)
- CVE-2026-21630 (same product: Joomla!)
- CVE-2026-35222 (same product: Joomla!)
- CVE-2026-40383 (same product: Joomla!)
- CVE-2024-40748 (same product: Joomla!)

Affected Assets

Vendor: joomla
Product: joomla!
Affected versions: 3.0.0 through 5.4.4, and 6.0.0 through 6.0.4

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)

Directly addresses the improper access check by requiring the system to enforce approved authorizations for logical access to webservice endpoints.

SI-2 Flaw Remediation (prevent)

Mandates identification, reporting, and correction of flaws like this improper access check vulnerability through timely patching of affected Joomla core components.

Least privilege (prevent)

Limits damage from low-privilege exploitation by enforcing least privilege, restricting the scope of unauthorized access to webservice endpoints.

References