CVE Field Guide
About Us
CVE-2026-48957
PUBLISHED
Joomla! Core - [20260711] - Incorrect Access Control in com_privacy webservice endpoints
Assigner:
Joomla
Reserved:
26.05.2026
Published:
07.07.2026
Updated:
08.07.2026
An improper access check allows unauthorized users to access com_privacy datasets.
Metrics
CVSS 4.0
CVSS Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H
CVSS Score:
6.4
CVSS score
6.4
Exploitability Metrics
Vulnerable System Impact Metrics
Subsequent System Impact Metrics
Attack Vector
Network
Confidentiality
Low
Confidentiality
High
Attack Complexity
Low
Integrity
None
Integrity
High
Attack Requirements
None
Availability
None
Availability
High
Privileges Required
High
User Interaction
None
CVSS 4.0
Product Status
Vendor
Joomla! Project
Product
Joomla! CMS
Versions
Default:
unaffected
Version 4.0.0-5.4.6 is affected
Version 6.0.0-6.1.1 is affected
Credits
Himanshu Anand
finder
References
https://developer.joomla.org/security-centre/1065-20260711-core-incorrect-access-control-in-com-privacy-webservice-endpoints.html
Problem Types
CWE-284 Improper Access Control
CWE
Impacts
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs