← back
CVE-2026-21626

Extension - stackideas.com - Information disclosure in post custom fields in EasyDiscuss 1.0.0-5.0.15 for Joomla

CVSS 9.2 CRITICALEPSS 0.4%CWE-200
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.2EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
06 Feb 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Affected products
Stackideas.com · EasyDiscuss extension for Joomla

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://stackideas.com/easydiscuss