CVE 9.2 CRITICAL

Extension – stackideas.com – Information disclosure in post custom fields in EasyDiscuss 1.0.0-5.0.15 for Joomla_CVE-2026-21626

February 6, 2026 invoker category_cve

9.2 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Description

Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure

AI Analysis

Information disclosure vulnerability in EasyDiscuss extension for Joomla due to insufficient access control settings for forum post custom fields

Basic Information

ID CVE-2026-21626

Source Joomla

Published Feb 6, 2026 at 07:49

Affected Product

Vendor Stackideas.com

Product EasyDiscuss extension for Joomla

Version 1.0.0-5.0.15

Affected Versions Stackideas.com EasyDiscuss extension for Joomla 1.0.0-5.0.15

CWE Classification

CWE-200

AI Assessment

AI Score 9.2 / 10

AI Severity Critical

Vendor Stackideas.com

Product EasyDiscuss extension for Joomla

Version 1.0.0-5.0.15

References

stackideas.com /easydiscuss

{
    "lastseen": "",
    "description": "Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure",
    "published": "2026-02-06T07:49:42.606Z",
    "modified": "2026-02-06T07:49:42.606Z",
    "type": "cve",
    "title": "Extension - stackideas.com - Information disclosure in post custom fields in EasyDiscuss 1.0.0-5.0.15 for Joomla",
    "source": "Joomla",
    "references": "https://stackideas.com/easydiscuss",
    "id": "CVE-2026-21626",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "Stackideas.com EasyDiscuss extension for Joomla 1.0.0-5.0.15",
    "sourceHref": "",
    "cvss": {
        "score": 9.2,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EasyDiscuss extension for Joomla",
    "version": "1.0.0-5.0.15",
    "vendor": "Stackideas.com",
    "ai_description": "Information disclosure vulnerability in EasyDiscuss extension for Joomla due to insufficient access control settings for forum post custom fields",
    "ai_severity": "Critical",
    "ai_vendor": "Stackideas.com",
    "ai_product": "EasyDiscuss extension for Joomla",
    "ai_version": "1.0.0-5.0.15",
    "ai_score": 9.2
}

💭 Join the Security Discussion ❌ Cancel Reply