BIT-JOOMLA-2026-35220 Joomla! Core - [20260505] - CSRF in user activation endpoint
Lack of CSRF token validation leads to a CSRF attack vector in the admin activation endpoint of com_users...
BIT-JOOMLA-2026-48898 Joomla! Core - [20260513] - Privilege escalation through com_users batch task
An improper access check allows privilege escalation through the com_users batch task...
CVE-2026-35220
Lack of CSRF token validation leads to a CSRF attack vector in the admin activation endpoint of com_users...
CVE-2026-35220 Joomla! Core - [20260505] - CSRF in user activation endpoint
Lack of CSRF token validation leads to a CSRF attack vector in the admin activation endpoint of com_users...
EUVD-2026-31889
Lack of CSRF token validation leads to a CSRF attack vector in the admin activation endpoint of com_users...
PT-2020-12922 · Open Source Matters · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions prior to 3.9.17
Description: An issue was discovered that allows unauthorized deletion of usergroups due to incorrect ACL checks in the access level section of com_users.
Recommendations: For versions prior to 3.9.17, update ...