Joomla CMS Media File Overwrite via Improper Access Check
CVE-2026-48947 Published on July 7, 2026

Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints
An improper access check allows privileged users to overwrite media files without editing permissions.

Vendor Advisory NVD

Weakness Type

What is an Authorization Vulnerability?

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2026-48947 has been classified to as an Authorization vulnerability or weakness.


Products Associated with CVE-2026-48947

Want to know whenever a new CVE is published for Joomla? stack.watch will email you.

 

Affected Versions

Joomla! Project Joomla! CMS: