Warning: Critical improperly secured file management in the Astroid Framework for Joomla can lead to RCE, Patch Immediately!

Published: 06/03/2026
  • Last update: 06/03/2026
  • Affected software:
    → Astroid Framework for Joomla (versions 2.0.0–3.3.10)
  • Type: CWE-434: Unrestricted Upload of File with Dangerous Type
  • CVE/CVSS
    → CVE-2026-21628: CVSS 10.0 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y)

Sources

Astroid - https://astroidframe.work/
CVE feed - https://cvefeed.io/vuln/detail/CVE-2026-21628

Risks

Astroid Framework is a powerful, open-source Joomla template framework designed for building responsive, fast-loading websites without coding. It features drag-and-drop layout builders, mega menus, advanced typography controls, and full Joomla integration for designers and developers.

CVE-2026-21628 is a critical vulnerability in the improperly secured file management system of the Astroid Framework for Joomla. It was discovered on the 5th of March 2026.

Successful exploitation has a high impact on all three aspects of the CIA triad (Confidentiality, Integrity and Availability), as reflected by the VC:H/VI:H/VA:H and SC:H/SI:H/SA:H metrics of the CVSS 4.0 vector above.

At the time of writing there is no evidence that CVE-2026-21628 has been exploited in the wild, and no proof of concept is publicly available. Given the low complexity of exploitation, this can change quickly.

Description

This vulnerability (CVE-2026-21628) is classified as CWE-434, Unrestricted Upload of File with Dangerous Type. The published description attributes it to a lack of restrictions on the size or number of uploaded files. On its own, missing size or count limits is a resource-consumption issue; the critical rating and the reported remote code execution impact come from the CWE-434 classification, meaning the file manager can be made to accept a file of a type the server will execute.

A remote, unauthenticated attacker can exploit this vulnerability without any user interaction (CVSS 4.0: AV:N/PR:N/UI:N) to execute code on the server, which can have a catastrophic impact on the affected system.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable installations with the highest priority after thorough testing. The affected range is Astroid Framework 2.0.0 through 3.3.10, so the target is a release later than 3.3.10. Check the installed version in the Joomla administrator's extension manager rather than relying on the template version shown on the site, as Astroid is updated independently of the templates built on it.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion. For an unrestricted file upload, the relevant signals are unexpected POST requests to the framework's file-management endpoints in web server access logs and newly created files with server-executable extensions (for example .php or .phtml) or web server configuration files (.htaccess) inside upload directories.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While updating software to the newest version protects against future exploitation, it does not remediate a compromise that has already taken place. An internet-exposed instance that ran an affected version should be checked for webshells and unexpected files in its upload directories before it is considered clean.
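The two checks above, version triage and a sweep of the upload directory, as an added example. This is not CCB or Astroid project code. It assumes the affected range stated in this advisory (2.0.0 through 3.3.10), takes the upload root as a parameter (Joomla's default media folder is images/ under the web root), and uses a conservative list of extensions that common Apache/PHP hosts execute; that list is an assumption about hosting, not a statement about what Astroid's file manager accepts. The sample directory it builds is constructed for the demonstration.

```python
"""Added example, not CCB or Astroid project code: two triage helpers for CVE-2026-21628.

Assumptions (also marked in the comments below):
  - the affected range 2.0.0 through 3.3.10 is taken from the advisory;
  - the scanned directory is the site's upload/media root (Joomla's default is
    <webroot>/images/), passed in as a parameter;
  - the extension list is a conservative default for Apache/PHP hosts, not a
    statement about what Astroid's file manager accepts or rejects.
"""
import os
import re
import tempfile
import time
from pathlib import Path

AFFECTED_MIN = (2, 0, 0)   # from the advisory
AFFECTED_MAX = (3, 3, 10)  # from the advisory; anything above is outside the affected range

# Suffixes and file names a typical web server will execute or honour as configuration
# (hosting assumption, not Astroid-specific).
DANGEROUS_SUFFIXES = {".php", ".php3", ".php5", ".php7", ".phtml", ".phar"}
DANGEROUS_NAMES = {".htaccess", ".user.ini"}


def parse_version(text):
    """'3.3.10', 'v3.3.10' or '3.3.10-rc1' -> (3, 3, 10); a missing patch level counts as 0."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version):
    """Numeric range check. A plain string comparison gets this wrong:
    '3.3.9' > '3.3.10' lexicographically, so '3.3.11' would look older than '3.3.2'."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def days_ago(n):
    """Epoch timestamp n days in the past, for use as a modification cut-off."""
    return time.time() - n * 86400


def suspicious_uploads(media_root, modified_after=None):
    """Walk an upload directory and return [(relative_path, [reasons])] for files a content
    upload folder should never contain: a server-executable suffix anywhere in the name
    (catches 'photo.jpg.php' and 'shell.php.jpg'), web server configuration files, and,
    if modified_after (epoch seconds) is given, anything changed since that time."""
    root = Path(media_root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        name = path.name.lower()
        reasons = []
        suffixes = Path(name).suffixes          # ['.jpg', '.php'] for 'photo.jpg.php'
        if any(s in DANGEROUS_SUFFIXES for s in suffixes):
            reasons.append("double extension" if len(suffixes) > 1 else "executable extension")
        if name in DANGEROUS_NAMES:
            reasons.append("web server configuration file in upload directory")
        if modified_after is not None and path.stat().st_mtime > modified_after:
            reasons.append("modified after cut-off")
        if reasons:
            findings.append((str(path.relative_to(root)), reasons))
    return findings


def build_sample_tree():
    """Constructed sample data (not from a real site): a small Joomla-style images/ folder."""
    base = Path(tempfile.mkdtemp(prefix="astroid-triage-"))
    old = days_ago(30)          # pretend these files have been there for a month
    files = {
        "images/banner.jpg": old,
        "images/docs/brochure.pdf": old,
        "images/shell.php": old,            # plain webshell-style upload
        "images/photo.jpg.php": old,        # double extension to pass a naive filter
        "images/.htaccess": old,            # could re-enable PHP execution in the folder
        "images/logo.png": time.time(),     # harmless type, but new: flagged only by the cut-off rule
    }
    for rel, mtime in files.items():
        p = base / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("sample")
        os.utime(p, (mtime, mtime))
    return str(base / "images")


if __name__ == "__main__":
    for v in ("3.3.9", "3.3.10", "3.3.11"):
        print(v, "affected" if is_affected(v) else "not affected")
    for rel, why in suspicious_uploads(build_sample_tree(), modified_after=days_ago(7)):
        print(rel, "->", ", ".join(why))
```

Run the scan with modified_after set to the day the vulnerable version was first exposed (or the advisory date) to narrow the list; without a cut-off it reports only the extension and configuration-file findings. A hit is a reason to inspect the file, not proof of compromise, and a clean result does not rule out an upload to a directory outside the scanned root.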

References

NVD - https://nvd.nist.gov/vuln/detail/CVE-2026-21628