The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s com_ajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://tassos.gr |
Configurations
No configuration.
History
20 Feb 2026, 15:20
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-02-20 15:20
Updated : 2026-02-20 15:34
NVD link : CVE-2026-21627
Mitre link : CVE-2026-21627
CVE.ORG link : CVE-2026-21627
JSON object : View
Products Affected
No product.
CWE
CWE-284
Improper Access Control