CVE-2026-48902
Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links
The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Joomla! Project · Joomla! CMSWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →