Inadequate Access Control in Joomla! Contacts Component by Joomla!
CVE-2026-48948

6.4MEDIUM

Key Information:

Vendor

Joomla

Vendor
CVE Published:
7 July 2026

What is CVE-2026-48948?

A security flaw in the com_contact component of Joomla! permits users to download vCard exports of contacts that should not be accessible to them, resulting in potential unauthorized exposure of sensitive user data. This improper access check poses a risk to data privacy within the application.

Affected Version(s)

Joomla! CMS 3.0.0-5.4.6

Joomla! CMS 6.0.0-6.1.1

References

CVSS V4

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jorian Woltjer
.