CVE-2026-35220

Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users.

medium 4.3 CVSS 3.1

Published: May 26, 2026

Modified: May 27, 2026

Vendor: Joomla

Product: Joomla\!

Description

Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users.

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Vendor	Joomla
Product	Joomla\!