www.securityweek.com 7/8/2026, 11:08:33 AM · external

CISA alerts on critical ColdFusion Langflow and Joomla flaws

CISA alerts on critical ColdFusion Langflow and Joomla flaws
CyberSIXT Evidence Panel

THE US cybersecurity agency CISA has issued warnings regarding exploited vulnerabilities in various software, including Adobe ColdFusion, Langflow, and Joomla extensions. • **Adobe ColdFusion (CVE-2026-48282)**: Critical path traversal vulnerability allowing remote code execution (RCE), with a CVSS score of 10/10. • **Langflow (CVE-2026-55255)**: Described as an insecure direct

object reference attack (IDOR), also with a CVSS score of 9.9, allowing unauthorized access to user flows. • Additional vulnerabilities in Joomla extensions: • **SP Page Builder (CVE-2026-48908)**: Improper access control issue allowing unauthenticated RCE, with a CVSS score of 10/10. • **Page Builder CK (CVE-2026-56290)**: An unauthenticated arbitrary file upload issue leading

to RCE, also with a CVSS score of 10/10.

CISA has urged federal agencies to patch these vulnerabilities promptly.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline