CVE-2026-48902
EUVD-2026-3187826.05.2026, 17:16
The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla\! | 3.0.0 ≤ 𝑥 < 5.4.6 |
| joomla | joomla\! | 6.0.0 ≤ 𝑥 < 6.1.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
Vulnerability Media Exposure