CVE-2026-21630: Joomla! Core - [20260302] - SQL injection in com_content articles webservice endpoint

Q: What is the severity of CVE-2026-21630?

CVE-2026-21630 has been classified as a critical vulnerability due to its potential for SQL injection.

Q: How do I fix CVE-2026-21630?

To fix CVE-2026-21630, update your Joomla! installation to the latest version where the vulnerability is patched.

Q: What are the potential impacts of CVE-2026-21630?

The potential impact of CVE-2026-21630 includes unauthorized access to database information through SQL injection.

Q: Which versions of Joomla! are affected by CVE-2026-21630?

CVE-2026-21630 affects all Joomla! versions prior to the security fix released on March 2, 2026.

Q: Is there a workaround for CVE-2026-21630?

Currently, there are no known effective workarounds for CVE-2026-21630, and updating is the recommended solution.

Published Apr 1, 2026

Updated

Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint.

Affected Software

3 affected components

Joomla Joomla Core

Joomla Joomla\!>=3.0.0<5.4.4

Joomla Joomla\!>=6.0.0<6.0.4

Event History

Apr 1, 2026

CVE Published

via MITRE·09:03 AM

Data Sourced

via MITRE·09:03 AM

DescriptionWeakness

Data Sourced

via NVD·10:16 AM

DescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2026-21630?

CVE-2026-21630 has been classified as a critical vulnerability due to its potential for SQL injection.

How do I fix CVE-2026-21630?

To fix CVE-2026-21630, update your Joomla! installation to the latest version where the vulnerability is patched.

What are the potential impacts of CVE-2026-21630?

The potential impact of CVE-2026-21630 includes unauthorized access to database information through SQL injection.

Which versions of Joomla! are affected by CVE-2026-21630?

CVE-2026-21630 affects all Joomla! versions prior to the security fix released on March 2, 2026.

Is there a workaround for CVE-2026-21630?

Currently, there are no known effective workarounds for CVE-2026-21630, and updating is the recommended solution.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.