Joomla CMS Critical Vulnerabilities CVSS 9.8

Source: CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 31st, 2026
Detected April 1st, 2026

Summary

CERT-Bund published security advisory WID-SEC-2026-0936 identifying critical vulnerabilities in Joomla CMS with CVSS Base Score 9.8. Affected versions include Open Source Joomla CMS prior to 5.4.4 and 6.0.4 across Windows and UNIX systems. An attacker can exploit these vulnerabilities remotely to bypass security controls, execute SQL injection attacks, manipulate data, or perform cross-site scripting.

What changed

CERT-Bund issued advisory WID-SEC-2026-0936 regarding multiple critical vulnerabilities in Joomla CMS. The vulnerabilities affect Open Source Joomla CMS versions below 5.4.4 (released 31.03.2026) and below 6.0.4, impacting installations on Windows and UNIX operating systems. The CVSS Base Score is 9.8 (critical) with a Temporal Score of 8.5 (high). Attack vectors allow remote exploitation for security bypass, SQL injection, data manipulation, and XSS attacks.

Organizations running affected Joomla CMS installations should immediately apply available mitigations and update to patched versions. Website operators and technology companies using Joomla should assess their exposure, prioritize patching, and monitor for indicators of compromise. No specific compliance deadline or regulatory penalty information is provided in this advisory.

What to do next

  1. Update Joomla CMS to version 5.4.4 or higher, or 6.0.4 or higher
  2. Assess all Joomla installations within the organization for exposure
  3. Monitor for indicators of compromise if running vulnerable versions
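As an added example for step 2 above (not part of the advisory, and not Joomla's own tooling), the script below reads the version constants from an install's libraries/src/Version.php, where Joomla 4+ declares MAJOR_VERSION, MINOR_VERSION and PATCH_VERSION, and reports whether the install is below the fixed versions 5.4.4 / 6.0.4 named in WID-SEC-2026-0936. The embedded sample file content is constructed for the demonstration.

```python
import re
from pathlib import Path

# Minimum patched version per major branch, as listed in WID-SEC-2026-0936.
PATCHED = {5: (5, 4, 4), 6: (6, 0, 4)}

# Matches lines such as "public const MAJOR_VERSION = 5;" in Joomla 4+ Version.php.
_CONST_RE = re.compile(r"const\s+(MAJOR|MINOR|PATCH)_VERSION\s*=\s*(\d+)\s*;")


def parse_joomla_version(version_php: str) -> tuple[int, int, int]:
    """Extract (major, minor, patch) from the text of libraries/src/Version.php."""
    found = {m.group(1): int(m.group(2)) for m in _CONST_RE.finditer(version_php)}
    try:
        return found["MAJOR"], found["MINOR"], found["PATCH"]
    except KeyError as exc:
        raise ValueError("file does not look like a Joomla 4+ Version.php") from exc


def assess(version: tuple[int, int, int]) -> str:
    """Compare a parsed version against the fixed release of its own branch."""
    major = version[0]
    if major not in PATCHED:
        # Branches not named in this advisory (e.g. Joomla 3.x / 4.x) need a separate check.
        return "unknown-branch"
    return "patched" if version >= PATCHED[major] else "vulnerable"


def assess_install(root: str) -> str:
    """Assess a Joomla install rooted at `root` (path to the web root)."""
    text = Path(root, "libraries", "src", "Version.php").read_text(encoding="utf-8")
    return assess(parse_joomla_version(text))


# Constructed sample mimicking the constant block of a Joomla 5.4.3 install.
SAMPLE_VERSION_PHP = """<?php
namespace Joomla\\CMS\\Version;
final class Version
{
    public const MAJOR_VERSION = 5;
    public const MINOR_VERSION = 4;
    public const PATCH_VERSION = 3;
    public const EXTRA_VERSION = '';
}
"""

if __name__ == "__main__":
    v = parse_joomla_version(SAMPLE_VERSION_PHP)
    print(".".join(map(str, v)), assess(v))  # prints "5.4.3 vulnerable"
```

Run `assess_install("/var/www/joomla")` (a hypothetical web root) for each install in an inventory to prioritize patching.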

Source document (simplified)

[WID-SEC-2026-0936] Joomla CMS: Multiple vulnerabilities

  • CVSS Base Score: 9.8 (critical)
  • CVSS Temporal Score: 8.5 (high)
  • Remote attack: yes
  • Date: 31.03.2026
  • Last updated: 01.04.2026
  • Mitigation: yes

Affected systems

Operating system

  • Other
  • UNIX
  • Windows

Product description

Joomla is a free content management system based on the scripting language PHP and an SQL database. Its core installation can be extended with numerous extensions to fit individual needs.

Products (31.03.2026)

  • Open Source Joomla CMS <5.4.4
  • Open Source Joomla CMS <6.0.4

Attack

An attacker can exploit several vulnerabilities in Joomla CMS to bypass security controls, carry out SQL injection attacks, manipulate data, or execute cross-site scripting attacks.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency: CERT-Bund
Published: March 31st, 2026
Instrument: Notice
Legal weight: Non-binding
Stage: Final
Change scope: Minor
Document ID: WID-SEC-2026-0936

Who this affects

Applies to: Technology companies
Industry sector: 5112 Software & Technology
Activity scope: Vulnerability Management, Patch Management
Geographic scope: Germany (DE)

Taxonomy

Primary area: Cybersecurity
Operational domain: IT Security
Topics: Data Privacy
