Main Vulnerability Database Vulnerabilities #VU132330

Improper access control in Joomla! - CVE-2026-48899

Published: May 26, 2026

Vulnerability identifier: #VU132330

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2026-48899

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Joomla!

Affected software:
Joomla!

Detailed vulnerability description

The vulnerability allows a remote attacker to perform unauthorized actions related to the installation of sample data.

The vulnerability exists due to improper access control in sample data plugins when handling installation actions for sample data. A remote attacker can invoke sample data installation functionality to perform unauthorized actions related to the installation of sample data.

How to mitigate CVE-2026-48899

Install security update from vendor's website.

Sources

https://developer.joomla.org/security-centre/1047-20260515-core-incorrect-access-control-in-sample-data-plugins.html

Improper access control in Joomla! - CVE-2026-48899

Detailed vulnerability description

How to mitigate CVE-2026-48899

Sources

Please verify you're human