CVE-2026-48906

🗓️ 27 May 2026 09:11:40Reported by JoomlaType

CVE-2026-48906 affects Tassos Framework Plugin on Joomla, enabling arbitrary file deletion below 6.1.0.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-48906	27 May 202609:11	–	attackerkb
Circl	CVE-2026-48906	27 May 202613:43	–	circl
CNNVD	Tassos Framework Plugin 访问控制错误漏洞	27 May 202600:00	–	cnnvd
Cvelist	CVE-2026-48906 Extension - tassos.gr - Arbitrary File Deletion in Novarain/Tassos Framework < 6.1.0 for Joomla	27 May 202609:11	–	cvelist
EUVD	EUVD-2026-32162	27 May 202609:11	–	euvd
NVD	CVE-2026-48906	27 May 202611:16	–	nvd
Positive Technologies	PT-2026-43681	27 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-48906	5 Jun 202612:42	–	redhatcve
Vulnrichment	CVE-2026-48906 Extension - tassos.gr - Arbitrary File Deletion in Novarain/Tassos Framework < 6.1.0 for Joomla	27 May 202609:11	–	vulnrichment

NVD

Node

tassos advanced_custom_fieldsRange1.0.0–2.8.12joomla!

tassos advanced_custom_fieldsRange3.0.0–3.1.3joomla!

tassos convert_formsRange1.0.0–4.4.12joomla!

tassos convert_formsRange5.0.0–5.1.5joomla!

tassos engageboxRange1.0.0–6.3.11joomla!

tassos engageboxRange7.0.0–7.1.1joomla!

tassos google_structured_dataRange1.0.0–5.6.11joomla!

tassos google_structured_dataRange6.0.0–6.1.9joomla!

tassos mailchimp_auto-subscribeRange1.0.0–5.0.5joomla!

tassos mailchimp_auto-subscribeRange5.1.0–5.2.0joomla!

tassos smile_packRange1.0.0–1.2.6joomla!

tassos smile_packRange2.0.0–2.1.0joomla!

tassos tassos_code_snippetsMatch1.0.0joomla!

tassos tassos_frameworkRange1.0.0–6.0.1joomla!

[
  {
    "defaultStatus": "unaffected",
    "product": "Novarain/Tassos Framework (plg_system_nrframework)",
    "vendor": "tassos.gr",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0-6.0.1"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Convert Forms",
    "vendor": "tassos.gr",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0-4.4.12"
      },
      {
        "status": "affected",
        "version": "5.0.0-5.1.5"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EngageBox",
    "vendor": "tassos.gr",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0-6.3.11"
      },
      {
        "status": "affected",
        "version": "7.0.0-7.1.1"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Google Structured Data",
    "vendor": "tassos.gr",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0-5.6.11"
      },
      {
        "status": "affected",
        "version": "6.0.0-6.1.9"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Advanced Custom Fields",
    "vendor": "tassos.gr",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0-2.8.12"
      },
      {
        "status": "affected",
        "version": "3.0.0-3.1.3"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Smile Pack",
    "vendor": "tassos.gr",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0-1.2.6"
      },
      {
        "status": "affected",
        "version": "2.0.0-2.1.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Tassos Code Snippets",
    "vendor": "tassos.gr",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MailChimp Auto-Subscribe",
    "vendor": "tassos.gr",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0-5.0.5"
      },
      {
        "status": "affected",
        "version": "5.1.0-5.2.0"
      }
    ]
  }
]

Source	Link
tassos	www.tassos.gr/

17 Jun 2026 10:55Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.18.1

CVSS 49.3

EPSS0.00267

SSVC

CWE-284