Threat actors are exploiting vulnerabilities in Joomla and the LiteSpeed cPanel plugin, leading to potential code execution and privilege escalation. A significant vulnerability tracked as CVE-2026-48907 in the Joomla Content Editor allows unauthorized file uploads, enabling attackers to execute arbitrary PHP code. Joomla has urged users to update to version 2.9.99.6 to mitigate this risk.
Similarly, the LiteSpeed cPanel plugin is vulnerable to CVE-2026-54420, which permits users with FTP access to escalate privileges to root on certain servers. The US Cybersecurity and Infrastructure Security Agency (CISA) has added both vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies to remediate promptly.