CVE-2026-48904
An improper access check allows privelege escalation through the com_users group editing webservice endpoint.
More information : https://developer.joomla.org/security-centre/1046-20260514-core-privilege-escalation-through-com-users-webservice-endpoints.html