Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Joomla CVE-2026-48898 Vulnerability (CVE-2026-48898)

Description

An improper access check allows privilege escalation through the com_users batch task.

Remediation

References

Related Vulnerabilities

Envoy Proxy Excessive Iteration Vulnerability (CVE-2021-32778)

Apache Tomcat Improper Authorization Vulnerability (CVE-2026-43515)

WordPress Plugin Custom Dashboard & Login Page-AGCA Multiple Unspecified Vulnerabilities (1.5.4.2)

PHP Out-of-bounds Read Vulnerability (CVE-2019-11036)

WordPress Plugin Responsive Poll Cross-Site Scripting (1.5.8)

Severity

Critical

Classification

CVE-2026-48898 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities