Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.2
CVE-2026-48898: Privilege Escalation in Joomla com_users Batch Task
CVE-2026-48898
BIT-joomla-2026-48898
Summary
A bug in Joomla's com_users batch task allows an attacker to gain higher levels of access to the website. This could enable them to make changes or access sensitive data they shouldn't be able to. Update Joomla to the latest version to fix this issue.
What to do
- Update joomla to version 6.1.1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| – | joomla | joomla\! |
>= 4.0.0, < 5.4.6 >= 6.0.0, < 6.1.1 cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* |
| Bitnami | – | joomla |
>= 6.0.0, < 6.1.1 Fix: upgrade to 6.1.1
|
Original title
Joomla! Core - [20260513] - Privilege escalation through com_users batch task
Original description
An improper access check allows privilege escalation through the com_users batch task.
nvd CVSS4.0
8.2
Vulnerability type
CWE-284
Improper Access Control
Published: 27 May 2026 · Updated: 27 May 2026 · First seen: 26 May 2026