CVE-2026-40384

An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability.

high 7.5 CVSS 3.1
Published: May 26, 2026
Modified: May 28, 2026
Vendor: Joomla
Product: Joomla\!

Description

An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability.

References

Related CVEs

CVE-2026-48903 medium · 6.1
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
CVE-2026-48904 critical · 9.8
An improper access check allows privelege escalation through the com_users group editing webservice endpoint.
CVE-2026-48905 medium · 6.1
Lack of input filtering leads to an XSS vector in the HTML filter code.
CVE-2026-48896 high · 7.5
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVE-2026-48897 high · 7.5
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVE-2026-48898 critical · 9.8
An improper access check allows privilege escalation through the com_users batch task.