Primary

Context

Joomla! CMS Autoupdate Server Arbitrary File Deletion Vulnerability

Vulnerability

Patched

An arbitrary file deletion vulnerability has been identified in the Joomla! CMS autoupdate server mechanism, stemming from a lack of input validation. This issue affects Joomla! CMS versions 4.0.0 through 5.4.3 and 6.0.0 through 6.0.3.

Impact

Exploitation of this vulnerability allows for arbitrary file deletion on the server.

Remediation

Users are advised to upgrade to Joomla! CMS version 5.4.4 or 6.0.4.

Added: Apr 1, 2026, 10:18 AM

Updated: Apr 1, 2026, 10:18 AM

Vulnerability Rating

Custom Algorithm

spread

7.6

impact

6.0

exploitability

6.8

remediation

7.7

relevance

5.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.6

impact

6.0

exploitability

6.8

remediation

7.7

relevance

5.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Joomla! CMS Autoupdate Server Arbitrary File Deletion Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Joomla! CMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating