CYBERHAWK / CVE / CVE-2026-48907

CVE-2026-48907

Joomla Content Editor

ACTIVELY EXPLOITED (KEV) other

The flaw

Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users.

What to do

Review advisory and patch per vendor guidance.

▸ Scan my repo for CVE-2026-48907

References

NVD CISA KEV OSV GitHub Advisory MITRE News search

In the news

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code ExecutionThe Hacker News · 2026-06-17
CVE-2026-48907, LiteSpeed cPanel Plugin Flaws ExploitedThe Cyber Express · 2026-06-19
Joomla, LiteSpeed Vulnerabilities Exploited in AttacksSecurityWeek · 2026-06-17

First seen 2026-06-19 · Tracked by PickBits CyberHawk · Weekly CVE digest

← All CVEs RSS Scheduled audits