CVE-2026-48902
Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links
The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Joomla! Project · Joomla! CMS¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →