Back to CVE List

CVE-2026-35220

Vulnerability Description

Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users.

Vulnerability Details

Published Date

May 26, 2026

Last Modified

May 26, 2026

CWE ID

CWE-352

Source

NVD

Vendor

Joomla! Project

Product

Joomla! CMS

External References

https://developer.joomla.org/security-centre/1037-20260505-core-csrf-in-user-activation-endpoint

Discussion (0)

Add Comment

No comments yet. Be the first!