CVE-2026-48900 MEDIUM

CVE-2026-48900: Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler

Vendor Joomla! Project
Product Joomla! CMS
Weakness CWE-284
Published May 26, 2026
Last update May 27, 2026
View on NVD All CVEs

CVSS base score

6.4/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:H/SI:H/SA:H

What the vulnerability does

Description

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks.

Key dates

Disclosure timeline

May 26, 2026 CVE published
May 27, 2026 Record updated