CVE-2026-48901

CVE-2026-48901: Joomla! Core - [20260517] - Incorrect Cache Key Construction for InputFilter objects

Vendor Joomla! Project
Product Joomla! CMS
Published May 26, 2026
Last update June 5, 2026

CVSS base score

What the vulnerability does

01Description

The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.

Explanation of Vulnerability in Simple Terms

02Summary

Insufficient metadata provided to generate a reliable CVE summary. The CVSS score, vector, CWE classification, and affected version range are all missing or malformed. A CVE record requires at minimum a CVSS vector and CWE to determine impact and exploitability. Contact the Joomla! Project or NVD for complete vulnerability details before taking action.

What an attacker can do

03Attacker Capabilities

Unable to determine without CVSS vector and CWE data.

Potential impact on your site

04Site Impact

Unable to assess risk without complete vulnerability metadata.

Conditions required to exploit

05Prerequisites

Unable to determine without CVSS vector data.

Key dates

06Disclosure timeline

May 26, 2026 CVE published
June 5, 2026 Record updated