What is GHSA-w4ph-7vgc-vxrf?

GHSA-w4ph-7vgc-vxrf is a security advisory published by GitHub Security Advisories with Critical severity. The password and username reset features created plain http links for https connections if the ...

Which CVE IDs does GHSA-w4ph-7vgc-vxrf cover?

GHSA-w4ph-7vgc-vxrf covers the following CVE IDs: CVE-2026-48902. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-w4ph-7vgc-vxrf?

GHSA-w4ph-7vgc-vxrf has a CVSS v3 base score of 9.8, published by GitHub Security Advisories.

GHSA-w4ph-7vgc-vxrfCriticalCVSS 9.8

The password and username reset features created plain http links for https connections if the ...

Vendor

GitHub Security Advisories

Published

May 26, 2026

Last Modified

May 28, 2026

🔗 CVE IDs covered (1)

CVE-2026-48902 →

📋 Description

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-48902
https://developer.joomla.org/security-centre/1050-20260518-core-transport-encryption-downgrade-for-password-and-username-reset-links.html
https://github.com/advisories/GHSA-w4ph-7vgc-vxrf