Privilege Escalation in Joomla through Access Check Flaw
CVE-2026-48899

5.3 MEDIUM

Key Information:

Vendor: Joomla
CVE Published: 26 May 2026

What is CVE-2026-48899?

An improper access check in Joomla's com_users batch task permits unauthorized users to escalate their privileges. Users with insufficient access rights can perform actions they should not be able to perform, potentially compromising the integrity and security of the application. This issue underscores the importance of proper access controls in web applications.

Affected Version(s)

Joomla! CMS 4.0.0-5.4.5

Joomla! CMS 6.0.0-6.1.0

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

廖双