{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-32968/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-32968","joomla","rce","command-injection"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-32968 describes a critical remote code execution (RCE) vulnerability affecting the com_mb24sysapi module in Joomla. The vulnerability stems from improper neutralization of special elements within OS commands, allowing an unauthenticated remote attacker to inject arbitrary commands. Successful exploitation of this vulnerability can lead to complete compromise of the affected system. This vulnerability is identified as a variant of CVE-2020-10383, suggesting a similar underlying flaw…\u003c/p\u003e\n","date_modified":"2026-03-23T12:16:08Z","date_published":"2026-03-23T12:16:08Z","id":"/briefs/2026-03-joomla-rce/","summary":"An unauthenticated remote attacker can exploit an OS command injection vulnerability (CVE-2026-32968) in the com_mb24sysapi module of Joomla, leading to remote code execution and full system compromise.","title":"Joomla com_mb24sysapi Module Unauthenticated RCE (CVE-2026-32968)","url":"https://feed.craftedsignal.io/briefs/2026-03-joomla-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-32968","version":"https://jsonfeed.org/version/1.1"}