CVE-2026-48904

An improper access check allows privelege escalation through the com_users group editing webservice endpoint.

critical 9.8 CVSS 3.1
Published: May 26, 2026
Modified: May 26, 2026
Vendor: Joomla
Product: Joomla\!

Description

An improper access check allows privelege escalation through the com_users group editing webservice endpoint.

References

Related CVEs

CVE-2026-48903 medium · 6.1
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
CVE-2026-48905 medium · 6.1
Lack of input filtering leads to an XSS vector in the HTML filter code.
CVE-2026-48896 high · 7.5
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVE-2026-48897 high · 7.5
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVE-2026-48898 critical · 9.8
An improper access check allows privilege escalation through the com_users batch task.
CVE-2026-48899 critical · 9.8
An improper access check allows privilege escalation through the com_users batch task.