securityonline.info 7/8/2026, 3:31:21 AM · external

CISA flags critical Joomla, ColdFusion bugs under attack

CISA flags critical Joomla, ColdFusion bugs under attack
CyberSIXT Evidence Panel

FOUR critical vulnerabilities have been identified in software related to Joomla and Adobe ColdFusion, as reported by CISA. The vulnerabilities are:

1. **CVE-2026-48908** - A remote code execution flaw in JoomShaper SP Page Builder, allowing unauthenticated file uploads.

2. **CVE-2026-56290** - An unauthenticated file upload vulnerability in Page Builder CK.

3. **CVE-2026-55255** - An authorization bypass flaw in Langflow.

4. **CVE-2026-48282** - A path traversal vulnerability in Adobe ColdFusion.

All four vulnerabilities are actively exploited, with CVSS scores reaching 10, indicating critical severity. Updates are required for users to mitigate risks, particularly for versions prior to specified updates that have been made available.

View Primary Source Via securityonline.info

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline