• Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: High
  • Versions: 4.0.0
  • Exploit type: Incorrect Access Control
  • Reported Date: 2021-08-20
  • Fixed Date: 2021-08-24
  • CVE Number: CVE-2021-26040


The media manager does not correctly check the user's permissions before executing a file deletion command.

Affected Installs

Joomla! CMS versions 4.0.0


Upgrade to version 4.0.1


The JSST at the Joomla! Security Centre.

Reported By: Maverick