THE Known Exploited Vulnerabilities (KEV) Catalog maintained by CISA serves as a vital resource for the cybersecurity community, helping organizations prioritize vulnerabilities that are actively exploited. The catalog includes a detailed entry for CVE-2026-48907, a vulnerability in the Widget Factory Joomla Content Editor that allows unauthorized PHP code execution through improper access control. Users are urged to apply mitigations per vendor instructions and adhere to CISA's guidance on security updates.
The KEV catalog is accessible in various formats, such as CSV and JSON, and organizations can nominate additional vulnerabilities for inclusion. Regular updates can be subscribed to for ongoing awareness.