The Hacker News ·EN News source Exploited in the wildAdobe ColdFusionJoomlack Page BuilderJoomShaper SP Page Builder
CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
CVE Tools coverage
The U.S. CISA added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog after evidence of active in-the-wild abuse affecting Adobe ColdFusion, Joomlack Page Builder, JoomShaper SP Page Builder, and Langflow. The affected CVEs are CVE-2026-48282 and CVE-2026-56290 (both with CVSS 10.0), CVE-2026-55255, and CVE-2026-48908 (CVSS 10.0), spanning issues like path traversal and improper access control that can enable remote code execution and other takeovers. This matters because KEV-listed bugs are prioritized for remediation, with FCEB agencies advised to patch by July 10, 2026.