What is the CVSS score of EUVD-2026-32162?

EUVD-2026-32162 has a CVSS 4.0 base score of 9.3 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/AU:Y. EPSS exploitation probability: 0.1%.

Which versions of Tassos Framework are affected by EUVD-2026-32162?

CVE-2026-48906 affects the Novarain/Tassos Framework plugin and Tassos.gr Joomla extensions, allowing unauthenticated remote attackers to delete arbitrary files on affected sites.

Tassos Framework EUVD-2026-32162

| CVE-2026-48906 CRITICAL

Improper Access Control (CWE-284)

2026-05-27 Joomla

GHSA-wfvx-j6wj-x7w9

Authentication Bypass Convert Forms Advanced Custom Fields Novarain Tassos Framework Plg System Nrframework Engagebox Google Structured Data Smile Pack Tassos Code Snippets Mailchimp Auto Subscribe

9.3

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/AU:Y

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Lifecycle Timeline

Analysis Generated

May 27, 2026 - 20:19 vuln.today

DescriptionNVD

The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites.

AnalysisAI

Arbitrary file deletion in the Novarain/Tassos Framework system plugin (plg_system_nrframework) and the suite of Tassos.gr Joomla extensions that bundle it lets remote unauthenticated attackers delete arbitrary files on affected sites. The CVSS 4.0 vector (PR:N/UI:N) and the 'Authentication Bypass' tag indicate no credentials or interaction are needed, and the high integrity/availability impact reflects that deleting core files such as Joomla's configuration.php can lead to denial of service or site takeover. …

RemediationAI

Within 24 hours: Audit all Joomla installations to identify systems running plg_system_nrframework or Tassos.gr extensions; document affected versions and server locations. Within 7 days: Disable or remove the affected plugin from all instances; apply compensating controls (firewall rules, file permissions); verify deletion capability is blocked. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-32162 vulnerability details – vuln.today

Back