Unrated severityNVD Advisory· Published Aug 24, 2021· Updated Feb 25, 2026
[20210801] - Core - Insufficient access control for com_media deletion endpoint
CVE-2021-26040
Description
An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's permissions before executing a file deletion command.
Affected products
1- Range: 4.0.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- developer.joomla.org/security-centre/861-20210801-core-insufficient-access-control-for-com-media-deletion-endpointmitrex_refsource_MISCvendor-advisory
News mentions
0No linked articles in our index yet.