CVE-2026-49048
Joomla JoomCCK SQL Injection Vulnerability
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
The JoomCCK extension for Joomla has a critical SQL injection vulnerability. If reachable, attackers can execute arbitrary SQL commands by concatenating user-supplied data into SQL queries, potentially leading to unauthorized access, modification, or theft of sensitive data. This impacts Joomla installations using the