All incidents

CISA adds four actively exploited flaws to KEV catalog

incidentopenJun 19, 2026 — Jul 8, 2026
CISA adds four actively exploited flaws to KEV catalog

CISA added four actively exploited flaws to its Known Exploited Vulnerabilities catalog according to a recent advisory, affecting Adobe ColdFusion, Joomla page builders and Langflow. The move signals an urgent need for defenders to review exposure and apply patches.

CVE-2026-48282, scored CVSS 10, is a path traversal vulnerability in Adobe ColdFusion that permits unauthenticated arbitrary code execution. CVE-2026-48908, also CVSS 10, lets attackers upload malicious files through the JoomShaper SP Page Builder component. CVE-2026-55255, scored CVSS 8.4, describes an authorization bypass in Langflow where user‑controlled keys can be manipulated to gain elevated privileges as detailed in the vendor advisory. CVE-2026-56290, rated CVSS 10, is an improper access control flaw in the Joomlack Page Builder that enables remote code execution.

CISA noted that all four flaws are being exploited in the wild, although no specific threat actors have been publicly identified according to recent reporting. Patches are available from the respective vendors and have been marked as required in the KEV catalogue.

The addition brings the total of KEV entries to a new high and highlights the growing danger facing web‑application ecosystems as noted in industry coverage. Organisations that rely on ColdFusion servers or Joomla extensions should treat these issues as priority risks.

Defenders should start by confirming which versions of ColdFusion, Joomla and Langflow are in use and then apply the latest security updates supplied by Adobe, the Joomla extension developers and the Langflow project. Where immediate patching is not possible, administrators can restrict network access to the affected interfaces, disable unused features and enable detailed logging to spot abnormal file uploads or authentication attempts.

Maintaining an accurate inventory of internet‑facing assets and subscribing to CISA alerts helps ensure that future KEV additions are acted upon quickly through the official catalogue. Testing patches in a controlled environment before rollout reduces the chance of disruption, and deploying a web application firewall can provide temporary protection while fixes are rolled out.

Intelligence briefing updated Jul 8, 2026

CVE-2026-10134 10.0 CVE-2026-48276 10.0 CVE-2026-48277 10.0 CVE-2026-48281 10.0 CVE-2026-48282 10.0 KEV CVE-2026-48283 10.0 CVE-2026-48558 10.0 KEV CVE-2026-48908 10.0 KEV CVE-2026-56290 10.0 KEV CVE-2026-55447 9.6 CVE-2026-8037 9.6 CVE-2026-48313 9.3 CVE-2026-55450 9.3 CVE-2026-45659 8.8 KEV CVE-2026-55255 8.4 KEV CVE-2026-43499 7.8
Root sourcegithub.com
Timeline Coverage

Swipe to explore timeline