Vulnerability intelligence
CVE-2026-48908
A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.
CVSS Score
—
Critical
EPSS — Exploit Probability
0.8%
Riskier than 52% of all CVEs
Exploitation
Confirmed in the wild
KEV since 2026-07-07
Remediation
unknown
Federal deadline 2026-07-10
1 article across 1 outlet · first covered Jul 7, 2026 · latest Jul 7, 2026
Coverage timeline
-
CISA Adds Critical Joomla SP Page Builder Flaw to KEV Cataloguecisa.gov · Jul 7, 2026