Improper Access Check in Joomla! Affects Media File Permissions
CVE-2026-48947
6.4MEDIUM
What is CVE-2026-48947?
An improper access check in Joomla! enables privileged users to overwrite media files even when they lack the necessary editing permissions. This flaw may lead to unauthorized modifications and potential data integrity issues within the platform, necessitating immediate attention from website administrators to mitigate risks associated with malicious exploitation.
Affected Version(s)
Joomla! CMS 4.1.0-5.4.6
Joomla! CMS 6.0.0-6.1.1
References
CVSS V4
Score:
6.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Federico Brasili, https://www.linkedin.com/in/federico-brasili-00b4b7332/