CVE-2026-48902: Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links

Severity: Critical

CVSS Score: 9.8

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.