All CVEs
Vulnerability intelligence

CVE-2026-48908

CWE-434

A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.

CVSS Score
Critical
EPSS — Exploit Probability
0.8%
Riskier than 52% of all CVEs
Exploitation
Confirmed in the wild
KEV since 2026-07-07
Remediation
unknown
Federal deadline 2026-07-10
NVD entry CISA KEV

1 article across 1 outlet · first covered Jul 7, 2026 · latest Jul 7, 2026

Coverage timeline