THE US cybersecurity agency CISA has issued warnings regarding exploited vulnerabilities in various software, including Adobe ColdFusion, Langflow, and Joomla extensions. • **Adobe ColdFusion (CVE-2026-48282)**: Critical path traversal vulnerability allowing remote code execution (RCE), with a CVSS score of 10/10. • **Langflow (CVE-2026-55255)**: Described as an insecure direct
object reference attack (IDOR), also with a CVSS score of 9.9, allowing unauthorized access to user flows. • Additional vulnerabilities in Joomla extensions: • **SP Page Builder (CVE-2026-48908)**: Improper access control issue allowing unauthenticated RCE, with a CVSS score of 10/10. • **Page Builder CK (CVE-2026-56290)**: An unauthenticated arbitrary file upload issue leading
to RCE, also with a CVSS score of 10/10.
CISA has urged federal agencies to patch these vulnerabilities promptly.