Security Announcements
This feed provides announcements of resolved security issues in Joomla! software releases.
For more information about the Joomla! Security Strike Team (JSST) and its processes, please review our Security article.
To report potential security issues, please follow the guidelines in the above referenced article. Please note that we are only able to provide support for the Joomla! CMS, Joomla! Framework, and *.joomla.org network of websites.
You can subscribe to notifications from this feed through a RSS reader.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Moderate
- Probability: Low
- Versions: 4.0.0-5.4.6, 6.0.0-6.1.1
- Exploit type: Incorrect Access Control
- Reported Date: 2026-05-05
- Fixed Date: 2026-07-07
- CVE Number: CVE-2026-48958
Description
Affected Installs
Joomla! CMS versions 4.0.0-5.4.6, 6.0.0-6.0.0-6.1.1
Solution
Upgrade to version 5.4.7, 6.1.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Moderate
- Probability: Low
- Versions: 4.0.0-5.4.6, 6.0.0-6.1.1
- Exploit type: Incorrect Access Control
- Reported Date: 2026-06-12
- Fixed Date: 2026-07-07
- CVE Number: CVE-2026-48957
Description
Affected Installs
Joomla! CMS versions 4.0.0-5.4.6, 6.0.0-6.0.0-6.1.1
Solution
Upgrade to version 5.4.7, 6.1.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Moderate
- Probability: Low
- Versions: 4.0.0-5.4.6, 6.0.0-6.1.1
- Exploit type: Incorrect Access Control
- Reported Date: 2026-05-22
- Fixed Date: 2026-07-07
- CVE Number: CVE-2026-48956
Description
Affected Installs
Joomla! CMS versions 4.0.0-5.4.6, 6.0.0-6.0.0-6.1.1
Solution
Upgrade to version 5.4.7, 6.1.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Moderate
- Probability: Low
- Versions: 6.0.0-6.1.1
- Exploit type: Incorrect Access Control
- Reported Date: 2026-04-22
- Fixed Date: 2026-07-07
- CVE Number: CVE-2026-48955
Description
Affected Installs
Joomla! CMS versions 6.0.0-6.1.1
Solution
Upgrade to version 6.1.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Moderate
- Probability: Low
- Versions: 3.0.0-5.4.6,6.0.0-6.1.1
- Exploit type: XSS
- Reported Date: 2026-05-15
- Fixed Date: 2026-07-07
- CVE Number: CVE-2026-48954
Description
Affected Installs
Joomla! CMS versions 3.0.0-5.4.5,6.0.0-6.1.1
Solution
Upgrade to version 5.4.7, 6.1.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Moderate
- Probability: Low
- Versions: 4.0.0-5.4.6,6.0.0-6.1.1
- Exploit type: XSS
- Reported Date: 2026-05-15
- Fixed Date: 2026-07-07
- CVE Number: CVE-2026-48953
Description
Affected Installs
Joomla! CMS versions 4.0.0-5.4.5,6.0.0-6.1.1
Solution
Upgrade to version 5.4.7, 6.1.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Moderate
- Probability: Low
- Versions: 4.0.0-5.4.6,6.0.0-6.1.1
- Exploit type: XSS
- Reported Date: 2026-05-21
- Fixed Date: 2026-07-07
- CVE Number: CVE-2026-48952
Description
Affected Installs
Joomla! CMS versions 4.0.0-5.4.5,6.0.0-6.1.1
Solution
Upgrade to version 5.4.7, 6.1.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Moderate
- Probability: Low
- Versions: 4.0.0-5.4.6,6.0.0-6.1.1
- Exploit type: XSS
- Reported Date: 2026-05-07
- Fixed Date: 2026-07-07
- CVE Number: CVE-2026-48951
Description
Affected Installs
Joomla! CMS versions 4.0.0-5.4.5,6.0.0-6.1.1
Solution
Upgrade to version 5.4.7, 6.1.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Moderate
- Probability: Low
- Versions: 4.0.0-5.4.6,6.0.0-6.1.1
- Exploit type: XSS
- Reported Date: 2026-05-07
- Fixed Date: 2026-07-07
- CVE Number: CVE-2026-48950
Description
Affected Installs
Joomla! CMS versions 4.0.0-5.4.5,6.0.0-6.1.1
Solution
Upgrade to version 5.4.7, 6.1.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Moderate
- Probability: Low
- Versions: 4.2.0-5.4.6,6.0.0-6.1.1
- Exploit type: XSS
- Reported Date: 2026-05-07
- Fixed Date: 2026-07-07
- CVE Number: CVE-2026-48949
Description
Affected Installs
Joomla! CMS versions 4.2.0-5.4.5,6.0.0-6.1.1
Solution
Upgrade to version 5.4.7, 6.1.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Probability: Low
- Versions: 3.0.0-5.4.6,6.0.0-6.1.1
- Exploit type: Incorrect Access Control
- Reported Date: 2026-05-07
- Fixed Date: 2026-07-07
- CVE Number: CVE-2026-48948
Description
Affected Installs
Joomla! CMS versions 3.0.0-5.4.5,6.0.0-6.1.1
Solution
Upgrade to version 5.4.7, 6.1.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Probability: Low
- Versions: 4.1.0-5.4.6,6.0.0-6.1.1
- Exploit type: Incorrect Access Control
- Reported Date: 2026-05-05
- Fixed Date: 2026-07-07
- CVE Number: CVE-2026-48947
Description
Affected Installs
Joomla! CMS versions 4.1.0-5.4.6,6.0.0-6.1.1
Solution
Upgrade to version 5.4.7, 6.1.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: Framewok
- Impact: Moderate
- Severity: Moderate
- Probability: Moderate
- Versions: 3.0.0-5.4.5,6.0.0-6.1.0
- Exploit type: XSS
- Reported Date: 2026-05-04
- Fixed Date: 2026-05-26
- CVE Number: CVE-2026-48905
Description
Affected Installs
Joomla! CMS versions 3.0.0-5.4.5,6.0.0-6.1.0
Solution
Upgrade to version 5.4.6,6.1.1
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: Framewok
- Impact: Moderate
- Severity: Moderate
- Probability: Moderate
- Versions: 3.0.0-5.4.5,6.0.0-6.1.0
- Exploit type: XSS
- Reported Date: 2026-04-21
- Fixed Date: 2026-05-26
- CVE Number: CVE-2026-48903
Description
Affected Installs
Joomla! CMS versions 3.0.0-5.4.5,6.0.0-6.1.0
Solution
Upgrade to version 5.4.6,6.1.1
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Probability: Low
- Versions: 3.9.0-5.4.5,6.0.0-6.1.0
- Exploit type: Mixed Content
- Reported Date: 2026-04-20
- Fixed Date: 2026-05-26
- CVE Number: CVE-2026-48902
Description
Affected Installs
Joomla! CMS versions 3.9.0-5.4.5,6.0.0-6.1.0
Solution
Upgrade to version 5.4.6,6.1.1
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Probability: Low
- Versions: 4.0.0-5.4.5,6.0.0-6.1.0
- Exploit type: Incorrect Cache Key Construction
- Reported Date: 2025-11-14
- Fixed Date: 2026-05-26
- CVE Number: CVE-2026-48901
Description
Affected Installs
Joomla! CMS versions 4.0.0-5.4.5,6.0.0-6.1.0
Solution
Upgrade to version 5.4.6,6.1.1
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Probability: Low
- Versions: 4.1.0-5.4.5,6.0.0-6.1.0
- Exploit type: Incorrect Access Control
- Reported Date: 2026-04-29
- Fixed Date: 2026-05-26
- CVE Number: CVE-2026-48900
Description
Affected Installs
Joomla! CMS versions 4.1.0-5.4.5,6.0.0-6.1.0
Solution
Upgrade to version 5.4.6,6.1.1
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Moderate
- Probability: Moderate
- Versions: 4.0.0-5.4.5,6.0.0-6.1.0
- Exploit type: Incorrect Access Control
- Reported Date: 2026-04-23
- Fixed Date: 2026-05-26
- CVE Number: CVE-2026-48899
Description
Affected Installs
Joomla! CMS versions 4.0.0-5.4.5,6.0.0-6.1.0
Solution
Upgrade to version 5.4.6,6.1.1
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Moderate
- Probability: Low
- Versions: 4.0.0-5.4.5,6.0.0-6.1.0
- Exploit type: Privilege Escalation
- Reported Date: 2026-04-15
- Fixed Date: 2026-05-26
- CVE Number: CVE-2026-48904
Description
Affected Installs
Joomla! CMS versions 4.0.0-5.4.5,6.0.0-6.1.0
Solution
Upgrade to version 5.4.6,6.1.1
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: High
- Probability: Low
- Versions: 4.0.0-5.4.5,6.0.0-6.1.0
- Exploit type: Privilege Escalation
- Reported Date: 2026-04-15
- Fixed Date: 2026-05-26
- CVE Number: CVE-2026-48898
Description
Affected Installs
Joomla! CMS versions 4.0.0-5.4.5,6.0.0-6.1.0
Solution
Upgrade to version 5.4.6,6.1.1
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Moderate
- Probability: Moderate
- Versions: 4.0.0-5.4.5,6.0.0-6.1.0
- Exploit type: Authentication Bypass
- Reported Date: 2026-04-01
- Fixed Date: 2026-05-26
- CVE Number: CVE-2026-48897
Description
Affected Installs
Joomla! CMS versions 4.0.0-5.4.5,6.0.0-6.1.0
Solution
Upgrade to version 5.4.6,6.1.1
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Moderate
- Probability: Moderate
- Versions: 4.0.0-5.4.5,6.0.0-6.1.0
- Exploit type: Authentication Bypass
- Reported Date: 2026-04-01
- Fixed Date: 2026-05-26
- CVE Number: CVE-2026-48896
Description
Affected Installs
Joomla! CMS versions 4.0.0-5.4.5,6.0.0-6.1.0
Solution
Upgrade to version 5.4.6,6.1.1
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Moderate
- Probability: Low
- Versions: 4.0.0-5.4.5,6.0.0-6.1.0
- Exploit type: Path traversal
- Reported Date: 2026-04-15
- Fixed Date: 2026-05-26
- CVE Number: CVE-2026-40384
Description
Affected Installs
Joomla! CMS versions 4.0.0-5.4.5,6.0.0-6.1.0
Solution
Upgrade to version 5.4.6,6.1.1
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: High
- Probability: Low
- Versions: 3.2.1-5.4.5,6.0.0-6.1.0
- Exploit type: Local File Inclusion
- Reported Date: 2026-04-15
- Fixed Date: 2026-05-26
- CVE Number: CVE-2026-40383
Description
Affected Installs
Joomla! CMS versions 3.2.1-5.4.5,6.0.0-6.1.0
Solution
Upgrade to version 5.4.6,6.1.1
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Moderate
- Probability: Low
- Versions: 4.0.0-5.4.5,6.0.0-6.1.0
- Exploit type: Incorrect Access Control
- Reported Date: 2026-04-15
- Fixed Date: 2026-05-26
- CVE Number: CVE-2026-35223
Description
Affected Installs
Joomla! CMS versions 4.0.0-5.4.5,6.0.0-6.1.0
Solution
Upgrade to version 5.4.6,6.1.1
Contact
The JSST at the Joomla! Security Centre.