CVE-2026-48901

HIGH7.5EPSS 0.00%

Joomla! Core - [20260517] - Incorrect Cache Key Construction for InputFilter objects

Published: 5/29/2026Modified: 5/29/2026

Description

The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.

Affected packages (1)

CVSS scores

SourceVersionSeverityVector
osvCVSS 3.1HIGH7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (2)