CVE-2026-23899
Joomla! Core - [20260306] - Improper access check in webservice endpointsAn improper access check allows unauthorized access to webservice endpoints.
We have discovered 1,518 live websites that are affected by CVE-2026-23899.
Affected Software
| Product |  Joomla |
| Category | Content Management System |
| Vulnerable Domains | 1,518 live websites (0.71% of Joomla install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-284 Improper Access ControlDetails
- Published - Apr 1, 2026
- Updated - Apr 2, 2026
Credits
- vnth4nhnt from CyStack (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2026-23899 United States | 137 websites |
 Germany | 448 websites |
 France | 146 websites |
 Switzerland | 111 websites |
 Russia | 101 websites |
 Netherlands | 87 websites |
 Italy | 79 websites |
 GB | 41 websites |
 Austria | 38 websites |
 Poland | 34 websites |
Website Distribution by TLD
Number of websites using CVE-2026-23899| .de | 370 websites |
| .com | 232 websites |
| .ch | 101 websites |
| .ru | 91 websites |
| .org | 79 websites |
| .nl | 76 websites |
| .fr | 72 websites |
| .it | 55 websites |
| .net | 50 websites |
| .at | 40 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2026-23899
Top websites that are affected by CVE-2026-23899. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.**.il |  Israel | **,*** | |
| **.******.org | United States | **,*** | |
| *****************.eu | Germany | ***,*** | |
| ********.org | Italy | ***,*** | |
| ********************.org | United States | ***,*** | |
| **********.com | United States | ***,*** | |
| ****************.at | Austria | ***,*** | |
| ***.*******.*******.pl | Poland | ***,*** | |
| **********.cz |  Czech Republic | ***,*** | |
| ****.ie |  Ireland | ***,*** |
FAQ
CVE-2026-23899 is Improper Access Control in Joomla
A total of 1,518 websites have been identified as vulnerable to CVE-2026-23899, based on global website indexing conducted by WebTechSurvey.
The Joomla is affected by the CVE-2026-23899 vulnerability.
Joomla versions up to 6.0.3 are vulnerable to CVE-2026-23899.
CVE-2026-23899 is resolved in version 6.0.3 of Joomla.