CVE-2026-48901

CVE-2026-48901: Joomla! Core - [20260517] - Incorrect Cache Key Construction for InputFilter objects

Vendor Joomla! Project
Product Joomla! CMS
Published May 26, 2026
Last update June 5, 2026
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.

Key dates

Disclosure timeline

May 26, 2026 CVE published
June 5, 2026 Record updated