CVE-2026-48897
Analyzed Analyzed - Analysis Complete
Two-Factor Authentication Bypass in Joomla

Publication date: 2026-05-26

Last updated on: 2026-05-28

Assigner: Joomla! Project

Description
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-05-28
Generated
2026-06-16
AI Q&A
2026-05-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-48897
EUVD
EUVD-2026-31883
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
joomla joomla! From 4.0.0 (inc) to 5.4.6 (exc)
joomla joomla! From 6.0.0 (inc) to 6.1.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-48897 is a security vulnerability in Joomla! CMS versions 4.0.0 through 5.4.5 and 6.0.0 through 6.1.0 that allows an authentication bypass in Multi-Factor Authentication (MFA).

The vulnerability occurs due to incorrectly reset session states, which enables attackers to bypass 2FA (two-factor authentication) checks.

This means that an attacker can potentially gain unauthorized access without completing the required second authentication step.

Compliance Impact

This vulnerability allows attackers to bypass Multi-Factor Authentication (MFA) checks, potentially gaining unauthorized access to Joomla! CMS systems.

Such unauthorized access can lead to exposure or compromise of sensitive personal or protected health information, which may violate compliance requirements under standards like GDPR and HIPAA.

Therefore, if exploited, this vulnerability could negatively impact an organization's ability to maintain compliance with these regulations by failing to adequately protect user data through strong authentication mechanisms.

Impact Analysis

This vulnerability can allow attackers to bypass two-factor authentication, which significantly weakens the security of user accounts.

As a result, unauthorized users may gain access to sensitive information or administrative functions within the Joomla! CMS.

This can lead to data breaches, unauthorized changes, or other malicious activities on affected websites.

Mitigation Strategies

To mitigate the vulnerability CVE-2026-48897, you should upgrade Joomla! CMS to versions 5.4.6 or 6.1.1 or later.

These versions contain the fix for the authentication bypass in Multi-Factor Authentication caused by incorrectly reset session states.

Detection Guidance

This vulnerability involves an authentication bypass in Joomla! CMS Multi-Factor Authentication (MFA) due to incorrectly reset session states. Detection would typically involve monitoring for unusual authentication behavior or unauthorized access attempts bypassing 2FA.

Since the vulnerability is related to session state handling within Joomla! CMS versions 4.0.0 through 5.4.5 and 6.0.0 through 6.1.0, one practical detection method is to verify the Joomla! CMS version running on your system.

To check the Joomla! version on your system, you can use commands such as:

  • Access the Joomla! administrator backend and check the version information displayed on the control panel.
  • Use command line to check the version by inspecting the version.php file, for example:
  • cat /path/to/joomla/libraries/src/Version.php | grep 'public const RELEASE'

If the version falls within the vulnerable ranges, it is recommended to upgrade to Joomla! CMS versions 5.4.6 or 6.1.1 or later to mitigate the risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-48897. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart