BIT-JOOMLA-2026-23898 Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate

Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism...

CVE-2026-23898

Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism...

EUVD-2026-17861

Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism...

CVE-2026-23898

Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism...

CVE-2026-23898 Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate

Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism...

CVE-2026-23898

Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism...

CVE-2026-23898

Joomla! Core (com_joomlaupdate) is affected by an arbitrary file deletion vulnerability due to lack of input validation in the autoupdate server mechanism. The issue is documented across multiple sources (e.g., CVE-2026-23898, JOOMLA-1031, BIT-JOOMLA-2026-23898) and is tied to Joomla core updates...

PT-2026-29505

Name of the Vulnerable Software and Affected Versions Joomla! versions prior to v2.18.0 Description A lack of input validation in the autoupdate server mechanism allows for arbitrary file deletion. Attackers can bypass input validation by supplying crafted file paths, potentially leading to the...