Improper Access Check in Joomla! Affects Media File Permissions
CVE-2026-48947

6.4MEDIUM

Key Information:

Vendor

Joomla

Vendor
CVE Published:
7 July 2026

What is CVE-2026-48947?

An improper access check in Joomla! enables privileged users to overwrite media files even when they lack the necessary editing permissions. This flaw may lead to unauthorized modifications and potential data integrity issues within the platform, necessitating immediate attention from website administrators to mitigate risks associated with malicious exploitation.

Affected Version(s)

Joomla! CMS 4.1.0-5.4.6

Joomla! CMS 6.0.0-6.1.1

References

CVSS V4

Score:
6.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Federico Brasili, https://www.linkedin.com/in/federico-brasili-00b4b7332/
.