Joomla
cpe:2.3:a:joomla:joomla!:*:*:*:*:*:*:*
- >= 4.0.0, <= 5.4.5
- >= 6.0.0, <= 6.1.0
Joomla! CMS versions 4.0.0 through 5.4.5 and 6.0.0 through 6.1.0 contain a vulnerability in which the InputFilter::getInstance() method does not include a security-sensitive parameter in the instance cache key. As a result, instances are cached improperly, and security-sensitive data could be cached incorrectly or not at all.
Exploitation of this vulnerability could cause InputFilter objects to be cached incorrectly, because the security-sensitive parameter is omitted from the cache key. Input may then be filtered and processed in unintended ways, potentially leading to security vulnerabilities such as cross-site scripting or other injection attacks.
Users are advised to upgrade to Joomla! CMS versions 5.4.6 or 6.1.1.
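The bug class described above, shown as an added illustration that is not Joomla's code: a hypothetical DemoFilter class whose getInstanceFlawed() leaves one configuration argument out of the instance cache key, beside a corrected getInstanceFixed(). The class, its parameters ($allowedTags, $strict) and the sample input are assumptions made for the example; the page does not name the affected parameter. With the flawed factory, a caller asking for the strict configuration is handed the instance an earlier caller created with the relaxed one.

```php
<?php
// Added illustration: DemoFilter and its parameters are hypothetical, not Joomla's code.
final class DemoFilter
{
    /** @var array<string, DemoFilter> */
    private static array $instances = [];

    private function __construct(private array $allowedTags, private bool $strict)
    {
    }

    // Flawed: $strict configures the object but is left out of the cache key.
    public static function getInstanceFlawed(array $allowedTags = [], bool $strict = true): self
    {
        $key = 'flawed:' . md5(serialize([$allowedTags]));
        return self::$instances[$key] ??= new self($allowedTags, $strict);
    }

    // Corrected: every argument that shapes the object contributes to the key.
    public static function getInstanceFixed(array $allowedTags = [], bool $strict = true): self
    {
        $key = 'fixed:' . md5(serialize([$allowedTags, $strict]));
        return self::$instances[$key] ??= new self($allowedTags, $strict);
    }

    public function clean(string $input): string
    {
        // Strict mode strips all markup; relaxed mode keeps the allowed tags.
        return $this->strict ? strip_tags($input) : strip_tags($input, $this->allowedTags);
    }
}

$sample = '<b>bold</b><i>italic</i>'; // constructed sample input

foreach (['getInstanceFlawed', 'getInstanceFixed'] as $factory) {
    // One caller requests a relaxed filter first, a later caller requests a strict one.
    $relaxed = DemoFilter::$factory(['b'], false);
    $strict  = DemoFilter::$factory(['b'], true);
    printf("%s: shared instance=%s, strict output=%s\n",
        $factory, var_export($relaxed === $strict, true), $strict->clean($sample));
}
```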