CVE-2026-48900

4.3 MEDIUM

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks

Published: 2026-05-26 · Last updated: 2026-05-26

Severity and scoring

Vendor	Product
joomla	joomla\!

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks.

Source: NVD

Same vendor

CVE-2026-48905 — Lack of input filtering leads to an XSS vector in the HTML filter code (6.1 MEDIUM)
CVE-2026-48904 — An improper access check allows privelege escalation through the com_users group editing webservice endpoint (9.8 CRITICAL)
CVE-2026-48903 — Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components (6.1 MEDIUM)
CVE-2026-48902 — The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set (9.8 CRITICAL)
CVE-2026-48901 — The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key (7.5 HIGH)

Same CWE

CVE-2026-46695 — Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to ru... (10.0 CRITICAL)
CVE-2026-50564 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (9.9 CRITICAL)
CVE-2026-50563 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (9.9 CRITICAL)
CVE-2026-50545 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (9.9 CRITICAL)
CVE-2026-49824 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (8.5 HIGH)