An issue exists in Joomla! 4.0.0 up to and including 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.
joomla joomla\\!