Inadequate Access Control in Joomla! Contacts Component by Joomla!
CVE-2026-48948
6.4MEDIUM
What is CVE-2026-48948?
A security flaw in the com_contact component of Joomla! permits users to download vCard exports of contacts that should not be accessible to them, resulting in potential unauthorized exposure of sensitive user data. This improper access check poses a risk to data privacy within the application.
Affected Version(s)
Joomla! CMS 3.0.0-5.4.6
Joomla! CMS 6.0.0-6.1.1