CVE 9.8 CRITICAL

Joomla! Core – [20260518] – Transport encryption downgrade for password and username reset links_CVE-2026-48902

May 28, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.

AI Analysis

Transport encryption downgrade vulnerability in Joomla! Core, allowing attackers to intercept sensitive information via plain HTTP links for password and username reset features.

Basic Information

ID CVE-2026-48902

Source Joomla

Published May 26, 2026 at 16:43

Modified May 28, 2026 at 13:23

Affected Product

Vendor Joomla! Project

Product Joomla! CMS

Version 3.9.0-5.4.5, 6.0.0-6.1.0

Affected Versions Joomla! Project Joomla! CMS 3.9.0-5.4.5
Joomla! Project Joomla! CMS 6.0.0-6.1.0

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Joomla! Project

Product Joomla! CMS

Version 3.9.0-5.4.5, 6.0.0-6.1.0

References

developer.joomla.org /security-centre/1050-20260518-core-transport-encryption-downgrade-for-password-and-username-reset-links.html

{
    "lastseen": "",
    "description": "The password and username reset features created plain http links for https connections if the \"Force SSL\" flag wasn't explicitly set.",
    "published": "2026-05-26T16:43:32.835Z",
    "modified": "2026-05-28T13:23:59.048Z",
    "type": "cve",
    "title": "Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links",
    "source": "Joomla",
    "references": "https://developer.joomla.org/security-centre/1050-20260518-core-transport-encryption-downgrade-for-password-and-username-reset-links.html",
    "id": "CVE-2026-48902",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Joomla! Project Joomla! CMS 3.9.0-5.4.5\nJoomla! Project Joomla! CMS 6.0.0-6.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Joomla! CMS",
    "version": "3.9.0-5.4.5, 6.0.0-6.1.0",
    "vendor": "Joomla! Project",
    "ai_description": "Transport encryption downgrade vulnerability in Joomla! Core, allowing attackers to intercept sensitive information via plain HTTP links for password and username reset features.",
    "ai_severity": "Critical",
    "ai_vendor": "Joomla! Project",
    "ai_product": "Joomla! CMS",
    "ai_version": "3.9.0-5.4.5, 6.0.0-6.1.0",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply