Description
Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.
Published: 2026-05-26
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from improper validation of order clauses within the com_tags component of Joomla CMS, allowing an authenticated attacker to craft malicious SQL statements. This flaw can be used to extract sensitive data from the underlying database, potentially exposing confidential content, user credentials, or configuration information. The weakness is classified as a blind SQL injection, which typically requires the attacker to rely on time-based or error-based techniques to infer data, but still poses a significant risk to integrity and confidentiality.

Affected Systems

The affected product is Joomla! CMS, specifically the com_tags component. No specific product version is listed in the available data, so any installation of com_tags that has not been updated to the latest security release should be considered vulnerable.

Risk and Exploitability

The vulnerability is rated with a CVSS score of 6.9, indicating moderate severity. The EPSS score is not available, and it is not listed in the CISA KEV catalog, suggesting no publicly known exploitation yet. The attack vector requires authentication, meaning that an attacker must first gain access to a Joomla user account. Once authenticated, the attacker can supply a crafted order clause to the component’s query interface and, through blind techniques, retrieve data from the database. Given the lack of public exploitation evidence, the risk of exploitation is moderate but cannot be ignored if the site hosts sensitive data.

Generated by OpenCVE AI on May 26, 2026 at 18:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Joomla CMS to the latest patched release that addresses the com_tags SQL injection flaw.
  • If an immediate upgrade is not possible, disable the com_tags component for all users or restrict it to read‑only access to prevent injection attempts.
  • Ensure database interactions in the component use parameterized queries and validate all input, and perform regular security scans to detect any remaining vulnerabilities.

Generated by OpenCVE AI on May 26, 2026 at 18:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 27 May 2026 12:30:00 +0000

Type Values Removed Values Added
First Time appeared Joomla joomla\!
CPEs cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
Vendors & Products Joomla joomla\!
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Wed, 27 May 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Joomla
Joomla joomla!
Vendors & Products Joomla
Joomla joomla!

Tue, 26 May 2026 17:00:00 +0000

Type Values Removed Values Added
Description Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.
Title Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags
Weaknesses CWE-89
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Joomla Joomla! Joomla\!
cve-icon MITRE

Status: PUBLISHED

Assigner: Joomla

Published:

Updated: 2026-06-05T07:30:10.304Z

Reserved: 2026-04-01T19:23:13.196Z

Link: CVE-2026-35222

cve-icon Vulnrichment

Updated: 2026-06-02T14:37:47.886Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-26T17:16:35.950

Modified: 2026-05-27T12:28:40.267

Link: CVE-2026-35222

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T10:04:16Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')