Joomla! Privilege Escalation Vulnerability in com_users Webservice Endpoint

Vulnerability

A privilege escalation vulnerability has been identified in Joomla! CMS versions 4.0.0 prior to 5.4.5 and 6.0.0 prior to 6.1.0. The issue arises from an improper access check in the com_users group editing webservice endpoint, allowing unauthorized users to gain elevated privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing users to gain access to restricted functionalities or administrative capabilities.

Remediation

Users can upgrade to Joomla! CMS versions 5.4.6 or 6.1.1 to address this vulnerability.

Added: May 26, 2026, 10:55 PM
Updated: May 26, 2026, 10:55 PM

Vulnerability Rating

Custom Algorithm
spread: 7.6
impact: 2.5
exploitability: 5.4
remediation: 7.7
relevance: 9.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.