2 matches found
BIT-JOOMLA-2026-48902 Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links
The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set...
CVE-2026-48902
CVE-2026-48902 affects Joomla! Core. The password/username reset features generate plain http links for https connections when Force SSL is not explicitly enabled, enabling possible credential exposure via downgraded transport. The issue is documented across multiple feeds (e.g., JOOMLA-1050) and...