CVE-2026-35221

Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.

critical 9.8 CVSS 3.1
Published: May 26, 2026
Modified: May 27, 2026
Vendor: Joomla
Product: Joomla\!

Description

Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.

References

Related CVEs

CVE-2026-48903 medium · 6.1
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
CVE-2026-48904 critical · 9.8
An improper access check allows privelege escalation through the com_users group editing webservice endpoint.
CVE-2026-48905 medium · 6.1
Lack of input filtering leads to an XSS vector in the HTML filter code.
CVE-2026-48896 high · 7.5
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVE-2026-48897 high · 7.5
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVE-2026-48898 critical · 9.8
An improper access check allows privilege escalation through the com_users batch task.