CVE-2026-48896
Two-Factor Authentication Bypass in Joomla

Publication date: 2026-05-26

Last updated on: 2026-05-28

Assigner: Joomla! Project

Description
Insufficient state checks lead to a vector that allows 2FA checks to be bypassed.
Meta Information
Published: 2026-05-26
Last Modified: 2026-05-28
Generated: 2026-06-16
AI Q&A: 2026-05-26
EPSS Evaluated: 2026-06-14
Sources: NVD, EUVD
Affected Vendors & Products (2 associated CPEs)
Vendor   Product   Version / Range
joomla   joomla!   From 4.0.0 (inc) to 5.4.6 (exc)
joomla   joomla!   From 6.0.0 (inc) to 6.1.1 (exc)
CWE
CWE-287: When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-48896 is a security vulnerability in Joomla! CMS that allows an attacker to bypass Multi-Factor Authentication (MFA) due to insufficient state checks.

This means that the system does not properly verify certain states during the authentication process, enabling unauthorized users to circumvent the 2FA security layer.

The vulnerability affects Joomla! CMS versions 4.0.0 through 5.4.5 and 6.0.0 through 6.1.0.

Impact Analysis

This vulnerability can have a high impact as it allows attackers to bypass the Multi-Factor Authentication mechanism, potentially gaining unauthorized access to user accounts.

By bypassing 2FA, attackers can compromise sensitive information, perform unauthorized actions, and escalate privileges within the Joomla! CMS environment.

Users of affected Joomla! versions are advised to upgrade to versions 5.4.6 or 6.1.1 to mitigate this risk.

Mitigation Strategies

To mitigate the vulnerability CVE-2026-48896 in Joomla! CMS, users should upgrade affected Joomla! versions to the fixed releases.

  • Upgrade Joomla! CMS versions 4.0.0 through 5.4.5 to version 5.4.6 or later.
  • Upgrade Joomla! CMS versions 6.0.0 through 6.1.0 to version 6.1.1 or later.

For further assistance, contact the Joomla! Security Strike Team (JSST) at the Joomla! Security Centre.

Detection Guidance

This vulnerability affects Joomla! CMS versions 4.0.0 through 5.4.5 and 6.0.0 through 6.1.0 and allows bypassing Multi-Factor Authentication due to insufficient state checks.

To detect if your system is vulnerable, first identify the Joomla! CMS version running on your system. If it falls within the affected versions, your system is at risk.

You can check the Joomla! version in either of the following ways:

  • Access the Joomla! administrator backend and check the version information on the control panel.
  • Use the command line to read the version constants from libraries/src/Version.php, for example:
    grep -E 'public const (MAJOR_VERSION|MINOR_VERSION|PATCH_VERSION|RELEASE)' /path/to/joomla/libraries/src/Version.php

Note that the RELEASE constant only carries the major.minor release (for example '5.4'), so the PATCH_VERSION constant is what distinguishes a vulnerable 5.4.5 install from a fixed 5.4.6.

If the version is within the vulnerable range, it is recommended to upgrade to Joomla! versions 5.4.6 or 6.1.1 or later to mitigate the risk.
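To make the version check mechanical, here is an added example (not from this page or the Joomla! project) that parses the MAJOR/MINOR/PATCH constants from Version.php and compares them against the two affected ranges listed above; the Version.php text embedded in it is a constructed sample, and the script name in the usage comment is hypothetical.

```python
import re
import sys

# Affected ranges from this advisory: [4.0.0, 5.4.6) and [6.0.0, 6.1.1).
AFFECTED_RANGES = [((4, 0, 0), (5, 4, 6)), ((6, 0, 0), (6, 1, 1))]

# Constructed sample mirroring the constant layout of Joomla's
# libraries/src/Version.php (a 5.4.5 install, one patch level short of the fix).
SAMPLE_VERSION_PHP = """<?php
final class Version
{
    public const PRODUCT = 'Joomla!';
    public const MAJOR_VERSION = 5;
    public const MINOR_VERSION = 4;
    public const PATCH_VERSION = 5;
    public const EXTRA_VERSION = '';
    public const RELEASE = '5.4';
}
"""

_CONST_RE = re.compile(
    r"public\s+const\s+(MAJOR|MINOR|PATCH)_VERSION\s*=\s*(\d+)\s*;"
)


def parse_version(php_source):
    """Return (major, minor, patch) from the text of Version.php."""
    found = {m.group(1): int(m.group(2)) for m in _CONST_RE.finditer(php_source)}
    missing = {"MAJOR", "MINOR", "PATCH"} - set(found)
    if missing:
        # Older Joomla files carry RELEASE/DEV_LEVEL only; refuse to guess.
        raise ValueError("Version.php lacks constants: %s" % sorted(missing))
    return (found["MAJOR"], found["MINOR"], found["PATCH"])


def is_affected(version, ranges=AFFECTED_RANGES):
    """True if the (major, minor, patch) tuple falls in any [lower, upper) range."""
    return any(lower <= version < upper for lower, upper in ranges)


def check_file(path):
    """Read a real Version.php and report whether it is in an affected range."""
    with open(path, encoding="utf-8") as fh:
        return is_affected(parse_version(fh.read()))


if __name__ == "__main__":
    # Usage: python3 check_joomla_2fa.py /path/to/joomla/libraries/src/Version.php
    src = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_VERSION_PHP
    ver = parse_version(src)
    status = "AFFECTED, upgrade" if is_affected(ver) else "not in affected range"
    print("Joomla %d.%d.%d: %s" % (ver[0], ver[1], ver[2], status))
```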

There are no specific network detection commands or signatures provided for this vulnerability in the available resources.

Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
