Vulnerability in Joomshaper.com Helix3 Extension For Joomla
CVE-2026-49049
The Helix3 plugin for Joomla exposes an AJAX handler task that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files, and update template parameters.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.
Affected products
- Joomshaper.com Helix3 Extension For Joomla — versions 1.0-3.1.1
Weakness classification (CWE)
- Improper Access Control
References
- security@joomla.org (product)
Frequently asked questions
- What is CVE-2026-49049?
  CVE-2026-49049 is a high-severity vulnerability in Joomshaper.com Helix3 Extension For Joomla, classified under Improper Access Control. CVSS score: 7.5/10. Published 2026-06-29.
- How severe is CVE-2026-49049?
  High severity. CVSS v3 base score is 7.5 out of 10.