Vulnerability Details CVE-2026-21625
User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.3%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2026-21625
-
cpe:2.3:a:stackideas:easydiscuss:3.2.9248
-
cpe:2.3:a:stackideas:easydiscuss:3.2.9289
-
cpe:2.3:a:stackideas:easydiscuss:3.2.9304
-
cpe:2.3:a:stackideas:easydiscuss:3.2.9385
-
cpe:2.3:a:stackideas:easydiscuss:3.2.9422
-
cpe:2.3:a:stackideas:easydiscuss:3.2.9463
-
cpe:2.3:a:stackideas:easydiscuss:3.2.9505
-
cpe:2.3:a:stackideas:easydiscuss:3.2.9519
-
cpe:2.3:a:stackideas:easydiscuss:3.2.9534
-
cpe:2.3:a:stackideas:easydiscuss:3.2.9599
-
cpe:2.3:a:stackideas:easydiscuss:3.2.9676
-
cpe:2.3:a:stackideas:easydiscuss:3.2.9740
-
cpe:2.3:a:stackideas:easydiscuss:3.2.9744
-
cpe:2.3:a:stackideas:easydiscuss:4.0.2
-
cpe:2.3:a:stackideas:easydiscuss:4.0.20
-
cpe:2.3:a:stackideas:easydiscuss:4.0.21
-
cpe:2.3:a:stackideas:easydiscuss:4.0.8
-
cpe:2.3:a:stackideas:easydiscuss:5.0.10