Vulnerabilities4 min read
CISA Orders Patch for CVSS 10 Joomla JCE Flaw by June 19
CVE-2026-48907 in Joomla Content Editor allows unauthenticated attackers to upload and execute PHP code. CISA added it to the KEV catalog after active exploitation deploying web shells.
Marcus ChenJun 18, 2026