Unauthorized Access in Joomla's com_privacy Component
CVE-2026-48957

6.4MEDIUM

Key Information:

Vendor

Joomla

Vendor
CVE Published:
7 July 2026

What is CVE-2026-48957?

An improper access check in Joomla's com_privacy component allows unauthorized users to gain access to sensitive datasets. This vulnerability can be exploited to retrieve private information without necessary authentication, posing significant risks to user data integrity and privacy.

Affected Version(s)

Joomla! CMS 4.0.0-5.4.6

Joomla! CMS 6.0.0-6.1.1

References

CVSS V4

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Himanshu Anand
.