CVE Alert & Security Feed

Stats Digest Feeds

← Back to all CVEs

CVE-2026-48902

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published May 26, 2026

Vendor unknown

Description

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.

References

https://developer.joomla.org/security-centre/1050-20260518-core-transport-encryption-downgrade-for-password-and-username-reset-links.html