CVE-2021-26028

CVE-2021-26028: [20210308] - Core - Path Traversal within joomla/archive zip class

Vendor Joomla! Project
Product Joomla! CMS
Published March 4, 2021
Last update February 25, 2026

CVSS base score

What the vulnerability does

01Description

An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path.

Key dates

02Disclosure timeline

March 4, 2021 CVE published
February 25, 2026 Record updated