Joomla CMS Media File Overwrite via Improper Access Check
CVE-2026-48947 Published on July 7, 2026
Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints
An improper access check allows privileged users to overwrite media files without editing permissions.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2026-48947 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2026-48947
Want to know whenever a new CVE is published for Joomla? stack.watch will email you.
Affected Versions
Joomla! Project Joomla! CMS:- Version 4.1.0-5.4.6 is affected.
- Version 6.0.0-6.1.1 is affected.