CISA Adds 4 Actively Exploited Adobe, Joomla, Langflow Flaws to KEV Catalog
CISA added four critical vulnerabilities to its Known Exploited Vulnerabilities catalog, including path traversal in Adobe ColdFusion and unauthenticated file upload flaws in Joomla page builders, all showing active exploitation.
Attack Brief
TargetAdobe ColdFusion, Joomla Page Builder (PageBuilder CK), JoomShaper SP Page Builder, LangflowVectorPath traversal, improper access control, authorization bypass, unrestricted file upload leading to remote code executionAttributionunattributed
Technical Details
CVE IDsCVE-2026-48282CVE-2026-56290CVE-2026-55255CVE-2026-48908MITRE ATT&CKT1190T1190.001T1548IoCs103.207.14.220/media/com_pagebuilderck/gfonts/bhup.phpAffectedAdobe ColdFusion (unspecified versions); Joomla PageBuilder CK (prior to 3.6.0); JoomShaper SP Page Builder (prior to 6.6.2); Langflow (unspecified versions)
Impact
Confirmed DamageArbitrary code execution, PHP web shell deployment, Super User account creation, remote code execution via unauthenticated file uploadGeographyIndia
Mitigation
PatchesPageBuilder CK version 3.6.0 or laterSP Page Builder version 6.6.2 or laterDetectionMonitor for PHP files in /media/com_pagebuilderck/, /images, /media, /templates, and /admin directories; search for POST requests to index.php?option=com_sppagebuilder&task=asset.uploadCustomIcon endpoint; inspect for $_POST['_upl'] field activity
Context
Similar AttacksCVE-2026-48282 exploitation observed within hours of public disclosure; CVE-2026-48908 exploited as zero-day; CVE-2026-56290 exploitation recorded as of June 27, 2026 to deliver web shells
Source
https://thehackernews.com/2026/07/cisa-adds-4-actively-exploited-adobe.htmlby The Hacker Newson 2026-07-08T00:00:00Z3 sources