CVE-2026-21631

Published: Apr 1, 2026

Modified: Apr 2, 2026

PUBLISHED

Lack of output escaping leads to a XSS vector in the multilingual associations component.

Vendor	Product	Versions
Joomla! Project	Joomla! CMS	affected `4.0.0-5.4.3` affected `6.0.0-6.0.3`

vendor-advisory

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.