CVE-2026-35221
CRITICAL WAF: High
CVSS 9.8
Published: 2026-05-26
CWE-89
Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.
WAF Coverage Analysis
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla\! | 3.0.0 - 5.4.6 |
| joomla | joomla\! | 6.0.0 - 6.1.1 |
References
- developer.joomla.org (Vendor Advisory)