CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
https://thehackernews.com/2026/07/cisa-adds-4-actively-exploited-adobe.html
Publish Date: 2026-07-08 01:33:00
Source Domain: thehackernews.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerabilities are listed below –
- CVE-2026-48282 (CVSS score: 10.0) – A path traversal vulnerability in Adobe ColdFusion that could lead to arbitrary code execution in the context of the current user.
- CVE-2026-56290 (CVSS score: 10.0) – An improper access control vulnerability in Joomlack Page Builder that could allow for remote code execution via unauthenticated arbitrary file upload.
- CVE-2026-55255 (CVSS score: 6.1) – An authorization bypass through a user-controlled key vulnerability in Langflow that could allow an authenticated attacker to execute any flow belonging to another user by specifying the victim’s flow ID in the request.
- CVE-2026-48908 (CVSS score: 10.0) – An unrestricted upload of a file with a dangerous type vulnerability in JoomShaper SP Page Builder that allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.
It’s worth noting that exploitation of CVE-2026-48282 was observed within hours of public disclosure, with Ryan Dewhurst, security researcher and founder of KEVIntel, telling The Hacker News that an attempt was recorded from an IP address geolocated to India (“103.207.14[.]220”).
CVE-2026-48908, on the other hand, is said to have been exploited as a zero-day to upload a PHP file by means of an HTTP POST request to the “index.php?option=com_sppagebuilder&task=asset.uploadCustomIcon” endpoint, followed by the appearance of a new Super User account, per mySites.guru. Users of SP Page Builder are advised to update to version 6.6.2 or later.
The Joomla and WordPress site manager service has also recorded exploitation efforts aimed at CVE-2026-56290 as of June 27, 2026, to deliver a web shell on susceptible…