Improper access control in Joomla! - CVE-2026-48947
Published: July 8, 2026
Joomla!
Detailed vulnerability description
The vulnerability allows a remote user to overwrite media files.
The vulnerability exists due to improper access control in com_media webservice endpoints when handling media overwrite requests. A remote user can send a request to overwrite media files.
The issue affects users who have sufficient privileges to access the webservice endpoints but do not have editing permissions for the targeted media files.