Joomla InputFilter Cache Key Bypass in Input Filtering
CVE-2026-48901 Published on May 26, 2026

Joomla! Core - [20260517] - Incorrect Cache Key Construction for InputFilter objects
The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.

Vendor Advisory NVD

Products Associated with CVE-2026-48901

Want to know whenever a new CVE is published for Joomla? stack.watch will email you.

Joomla

Affected Versions

Joomla! Project Joomla! CMS:

Version 4.0.0-5.4.5 is affected.
Version 6.0.0-6.1.0 is affected.

Joomla InputFilter Cache Key Bypass in Input FilteringCVE-2026-48901 Published on May 26, 2026

Products Associated with CVE-2026-48901

Affected Versions

Joomla InputFilter Cache Key Bypass in Input Filtering
CVE-2026-48901 Published on May 26, 2026