The Joomla! Project is pleased to announce the release of Joomla 5.2.6 and Joomla 4.4.13. This is a security release for the 5.x and 4.x series of Joomla.
These releases continue Joomla’s high standards in accessible web design, highlighting Joomla's values of inclusiveness, simplicity and security into an even more powerful open-source web platform.
Security Fix
- [20250401] - Framework - SQL injection vulnerability in quoteNameStr method of Database package
- [20250402] - Core - MFA Authentication Bypass
The update fixes a security problem with missing checks that could lead to a way to skip the two-step verification. It also fixes an issue with the quoteNameStr database package.