CVE-2026-48901
HIGHDescription
The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| joomla | joomla\! |
| joomla | joomla\! |
References
Frequently Asked Questions
What is CVE-2026-48901? +
How severe is CVE-2026-48901? +
What products are affected by CVE-2026-48901? +
How do I check if I'm vulnerable to CVE-2026-48901? +
Related Vulnerabilities
An insufficient implementation of cache vulnerability in Palo Alto Networks Prisma® Access Browser enables users to bypass certain data control …
Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting …
Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results …
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In …
Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie …
Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of …