CRITICAL🇵🇱 Wersja polska

CVE-2026-48902

CVSS 9.8pub. 2026-05-26upd. 2026-06-02

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.

🤖 AI Analysis
How it works

The password and username reset mechanism in Joomla! creates links with an HTTP prefix instead of HTTPS in the case of encrypted connections, if the 'Force SSL' flag is not explicitly set in the configuration. This means that reset tokens are transmitted over an unencrypted channel, allowing them to be intercepted using man-in-the-middle techniques. An attacker monitoring network traffic can obtain the token and take control of the user account.

Impact

An attacker can intercept a password reset token or username sent via an unencrypted HTTP link and gain unauthorized access to the account of any user who initiated the reset process.

Mitigation & patch

Apply patches available from the vendor according to the references (https://developer.joomla.org/security-centre/1050-20260518-core-transport-encryption-downgrade-for-password-and-username-reset-links.html). As a temporary measure, it is recommended to explicitly enable the 'Force SSL' flag in the Joomla! configuration to enforce the generation of reset links using HTTPS.

Who is affected

Joomla! — versions indicated in the vendor's references (security bulletin 20260518)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Joomla Joomla\!

    APP
    Joomla
    3.0.0 – 5.4.6 (bez)6.0.0 – 6.1.1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2016-10033CRITICAL9.8⚠ KEVten sam produkt

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass ...

CVE-2025-25226CRITICAL9.8PL ✓ten sam produkt

SQL injection w metodzie quoteNameStr pakietu bazy danych Joomla Framework

CVE-2024-27185CRITICAL9.1PL ✓ten sam produkt

Joomla! — cache poisoning przez dowolne parametry w paginacji

CVE-2022-23797CRITICAL9.8ten sam produkt

An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the sel...

CVE-2022-23795CRITICAL9.8ten sam produkt

An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a s...