securityaffairs.com 7/8/2026, 9:21:28 AM · external

CISA warns of active exploits in ColdFusion, Joomla page builders

CISA warns of active exploits in ColdFusion, Joomla page builders
Developing story incident 22 articles tracked
CISA adds four actively exploited flaws to KEV catalog

THE U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added vulnerabilities related to Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder to its Known Exploited Vulnerabilities catalog. The key vulnerabilities include:

1. **CVE-2026-48282**: Adobe ColdFusion Path Traversal Vulnerability permitting arbitrary code execution.

2. **CVE-2026-48908**: JoomShaper SP Page Builder allows unauthorized uploading of malicious files.

3. **CVE-2026-55255**: Langflow vulnerability enabling unauthorized access to user flows.

4. **CVE-2026-56290**: Joomlack Page Builder vulnerability that allows remote code execution.

Attacks exploiting these flaws have started in the wild, with urgent recommendations for affected organizations to update their software by July 10, 2026.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline