www.cisa.gov 7/7/2026, 10:31:17 PM · external

CISA flags JoomShaper SP Page Builder upload flaw CVE-2026-48908

Developing story vulnerability 2 articles tracked
JoomShaper SP Page Builder Unrestricted File Upload Vulnerability (CVE-2026-48908)
CyberSIXT Evidence Panel Source marked as original reporting
CISA KEV Listed in KEV
Patch Patch Available

THE Known Exploited Vulnerabilities (KEV) Catalog maintained by CISA provides an authoritative source for identifying vulnerabilities that have been exploited in the wild. It serves as a resource for organizations to prioritize their vulnerability management strategies effectively. The catalog details a specific vulnerability, CVE-2026-48908, associated with JoomShaper SP Page Builder, which allows unauthenticated file uploads that can lead to arbitrary file execution.

Mitigations and compliance with existing guidance are recommended for organizations to ensure security. The catalog is available in various formats, including CSV and JSON, and users can subscribe for updates.

View full article

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline