Alert GCSA-26053 - Security update for Joomla!

******************************************************************

alert ID: GCSA-26053
date: 03 April 2026
title: Security update for Joomla!

******************************************************************

:: Problem description

   A new version of the Joomla! CMS has been released that fixes
   some security vulnerabilities.

   [20260301] - Core - ACL hardening in com_ajax
   [20260302] - Core - SQL injection in com_content articles webservice endpoint
   [20260303] - Core - XSS vector in com_associations comparison view
   [20260304] - Core - XSS vectors in various article title outputs
   [20260305] - Core - Arbitrary file deletion in com_joomlaupdate
   [20260306] - Core - Improper access check in webservice endpoints

   More details are available in the "References" section.

:: Affected software

   Joomla! versions earlier than 5.4.4
   Joomla! versions earlier than 6.0.4

:: Impact

   Security feature bypass (SFB)
   SQL Injection (SQLi)
   Cross-Site Scripting (XSS)
   Attack on data integrity

:: Solutions

   Update to the latest versions (5.4.4 or 6.0.4)
   https://downloads.joomla.org/
   https://downloads.joomla.org/latest

   Joomla! update instructions
   https://docs.joomla.org/Portal:Upgrading_Versions/it

:: References

   Joomla! Release News
   https://www.joomla.org/announcements/release-news/5944-joomla-6-0-4-5-4-4-security-bugfix-release.html

   Joomla! Security Announcements
   https://developer.joomla.org/security-centre.html
   https://developer.joomla.org/security-centre/1027-20260301-core-acl-hardening-in-com-ajax.html
   https://developer.joomla.org/security-centre/1028-20260302-core-sql-injection-in-com-content-articles-webservice-endpoint.html
   https://developer.joomla.org/security-centre/1029-20260303-core-xss-vector-in-com-associations-comparison-view.html
   https://developer.joomla.org/security-centre/1030-20260304-core-xss-vectors-in-various-article-title-outputs.html
   https://developer.joomla.org/security-centre/1031-20260305-core-arbitrary-file-deletion-in-com-joomlaupdate.html
   https://developer.joomla.org/security-centre/1032-20260306-core-improper-access-check-in-webservice-endpoints.html

   Mitre CVE
   https://www.cve.org/CVERecord?id=CVE-2026-21629
   https://www.cve.org/CVERecord?id=CVE-2026-21630
   https://www.cve.org/CVERecord?id=CVE-2026-21631
   https://www.cve.org/CVERecord?id=CVE-2026-21632
   https://www.cve.org/CVERecord?id=CVE-2026-23898
   https://www.cve.org/CVERecord?id=CVE-2026-23899

GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert