Vulnerabilities

CVE-2026-48902

by Fred · 26/05/2026

The password and username reset features created plain http links for https connections if the “Force SSL” flag wasn’t explicitly set.

More information : https://developer.joomla.org/security-centre/1050-20260518-core-transport-encryption-downgrade-for-password-and-username-reset-links.html

Similar

Tags: Cybersecurity Alert