THE U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added vulnerabilities related to Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder to its Known Exploited Vulnerabilities catalog. The key vulnerabilities include:
1. **CVE-2026-48282**: Adobe ColdFusion Path Traversal Vulnerability permitting arbitrary code execution.
2. **CVE-2026-48908**: JoomShaper SP Page Builder allows unauthorized uploading of malicious files.
3. **CVE-2026-55255**: Langflow vulnerability enabling unauthorized access to user flows.
4. **CVE-2026-56290**: Joomlack Page Builder vulnerability that allows remote code execution.
Attacks exploiting these flaws have started in the wild, with urgent recommendations for affected organizations to update their software by July 10, 2026.