CVE-2026-21626 CRITICAL

CVE-2026-21626: Extension - stackideas.com - Information disclosure in post custom fields in EasyDiscuss 1.0.0-5.0.15 for Joomla

Vendor Stackideas.com

Product EasyDiscuss extension for Joomla

Weakness CWE-200 · Info exposure

Published February 6, 2026

Last update February 20, 2026

View on NVD All CVEs

CVSS base score

9.2/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

What the vulnerability does

Description

Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure

Key dates

Disclosure timeline

February 6, 2026 CVE published

February 20, 2026 Record updated

Identifiers

CVE CVE-2026-21626

CWE CWE-200

CVSS 9.2 / CRITICAL

Affected versions

Vendor Stackideas.com

Product EasyDiscuss extension for Joomla

Affected 1.0.0-5.0.15