NVD Vulnerability Detail

Search Exploit, PoC

Exploit DB

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-35220

Summary	Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users.
Publication Date	May 27, 2026, 2:16 a.m.
Registration Date	May 27, 2026, 4:08 a.m.
Last Update	May 27, 2026, 2:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://developer.joomla.org/security-centre/1037-20260505-core-csrf-in-user-activation-endpoint	security@joomla.org

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-352	クロスサイト・リクエスト・フォージェリ（CSRF）	https://cwe.mitre.org/data/definitions/352.html
2	CWE-352	同一生成元ポリシー違反	https://cwe.mitre.org/data/definitions/346.html