CVE-2026-48902
Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links
The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Joomla! Project · Joomla! CMSQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →