Joomla · Com Users · CVE-2026-35220
**Name of the Vulnerable Software and Affected Versions**
com users (affected versions not specified)
**Description**
Lack of Cross-Site Request Forgery (CSRF) token validation—a mechanism used to prevent unauthorized commands from being transmitted from a user the web application trusts—leads to a CSRF attack vector in the admin activation endpoint of 'com users'.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.