An improper access check allows privelege escalation through the com_users group editing webservice endpoint.CreditsChristos Papakonstantinou, CantinaReferenceshttps://developer.joomla.org/security-centre/1046-20260514-core-privilege-escalation-through-com-users-webservice-endpoints.html
