Alert GCSA-26053 - Security update for Joomla!
******************************************************************
alert ID: GCSA-26053
date: 03 April 2026
title: Security update for Joomla!
******************************************************************
:: Problem description
A new version of the Joomla! CMS has been released
that fixes several security vulnerabilities.
[20260301] - Core - ACL hardening in com_ajax
[20260302] - Core - SQL injection in com_content articles webservice endpoint
[20260303] - Core - XSS vector in com_associations comparison view
[20260304] - Core - XSS vectors in various article title outputs
[20260305] - Core - Arbitrary file deletion in com_joomlaupdate
[20260306] - Core - Improper access check in webservice endpoints
Further details are available in the "References" section.
:: Affected software
Joomla! versions prior to 5.4.4
Joomla! versions prior to 6.0.4
:: Impact
Security feature bypass (SFB)
SQL Injection (SQLi)
Cross-Site Scripting (XSS)
Data integrity attack
:: Solutions
Update to the latest versions (5.4.4 or 6.0.4)
https://downloads.joomla.org/
https://downloads.joomla.org/latest
Joomla! update instructions
https://docs.joomla.org/Portal:Upgrading_Versions/it
:: References
Joomla! Release News
https://www.joomla.org/announcements/release-news/5944-joomla-6-0-4-5-4-4-security-bugfix-release.html
Joomla! Security Announcements
https://developer.joomla.org/security-centre.html
https://developer.joomla.org/security-centre/1027-20260301-core-acl-hardening-in-com-ajax.html
https://developer.joomla.org/security-centre/1028-20260302-core-sql-injection-in-com-content-articles-webservice-endpoint.html
https://developer.joomla.org/security-centre/1029-20260303-core-xss-vector-in-com-associations-comparison-view.html
https://developer.joomla.org/security-centre/1030-20260304-core-xss-vectors-in-various-article-title-outputs.html
https://developer.joomla.org/security-centre/1031-20260305-core-arbitrary-file-deletion-in-com-joomlaupdate.html
https://developer.joomla.org/security-centre/1032-20260306-core-improper-access-check-in-webservice-endpoints.html
Mitre CVE
https://www.cve.org/CVERecord?id=CVE-2026-21629
https://www.cve.org/CVERecord?id=CVE-2026-21630
https://www.cve.org/CVERecord?id=CVE-2026-21631
https://www.cve.org/CVERecord?id=CVE-2026-21632
https://www.cve.org/CVERecord?id=CVE-2026-23898
https://www.cve.org/CVERecord?id=CVE-2026-23899
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
