CVE-2026-48900: CWE-284 Improper Access Control in Joomla! Project Joomla! CMS
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-48900) in Joomla! CMS arises from an improper access control weakness (CWE-284) that permits low privileged users to modify the task types of scheduler tasks. Affected versions include 4.1.0 to 5.4.5 and 6.0.0 to 6.1.0. The CVSS 4.0 base score is 6.4, indicating medium severity, with a network attack vector, low attack complexity, high privileges required, and no user interaction. The vulnerability does not directly involve confidentiality, integrity, or availability impacts, but it allows limited unauthorized modification of scheduler tasks.
Potential Impact
The impact of this vulnerability is that low privileged users can edit scheduler task types, which may lead to unauthorized changes in scheduled operations within Joomla! CMS. While the CVSS score reflects medium severity, the exact consequences depend on how scheduler tasks are used in the affected environment. There are no reports of active exploitation in the wild.
Mitigation Recommendations
No official patch or remediation guidance is currently available for this vulnerability. Users should monitor the Joomla! Project advisories for updates. Until a fix is released, restrict access to scheduler task management to trusted users with appropriate privileges to minimize risk.
CVSS v4.0
Score: 6.4 (medium)
Technical Details
- Data Version: 5.2
- Assigner Short Name: Joomla
- Date Reserved: 2026-05-26T10:06:17.656Z
- Cvss Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a15d231891d628fdc604ceb
Added to database: 5/26/2026, 5:02:41 PM
Last enriched: 5/26/2026, 5:19:15 PM
Last updated: 5/26/2026, 11:02:42 PM