CVE-2026-48900

Description

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks.

PUBLISHED Reserved 2026-05-26 | Published 2026-05-26 | Updated 2026-05-27 | Assigner Joomla

Problem types

CWE-284 Improper Access Control

Product status

Credits

Federico Brasili, https://www.linkedin.com/in/federico-brasili-00b4b7332/ finder

References

developer.joomla.org/...access-control-in-com-scheduler.html vendor-advisory

cve.org (CVE-2026-48900)

nvd.nist.gov (CVE-2026-48900)

Download JSON