The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) catalog, adding four critical security flaws that are currently being exploited. These vulnerabilities affect popular platforms such as Adobe ColdFusion, Joomla, and Langflow, presenting significant risks to users.
Critical Vulnerabilities Identified
The newly listed vulnerabilities include CVE-2026-48282, a path traversal flaw in Adobe ColdFusion with a maximum CVSS score of 10.0, allowing arbitrary code execution. Similarly, CVE-2026-56290, affecting Joomlack Page Builder, also scores a 10.0 and permits remote code execution through unauthorized file uploads.
In Langflow, CVE-2026-55255 enables attackers to manipulate user-controlled keys, potentially executing any flow by specifying another user’s ID. Lastly, CVE-2026-48908 in JoomShaper SP Page Builder allows the execution of arbitrary PHP code due to unrestricted file uploads.
Immediate Exploitation Reports
Exploitation of CVE-2026-48282 was detected shortly after it was publicly disclosed, with attempts originating from an IP address in India. Additionally, CVE-2026-48908 has been used in zero-day attacks to create unauthorized Super User accounts via PHP file uploads.
Exploitation efforts targeting CVE-2026-56290 were observed as early as June 27, 2026, aiming to install web shells on vulnerable sites. This issue has been addressed with updates in Page Builder CK version 3.6.0.
Impact and Response
Langflow’s vulnerability CVE-2026-55255 has been used in conjunction with CVE-2026-33017 in financially motivated attacks, characterized by botnet and cryptojacking activities. These vulnerabilities are exploited to steal credentials, including AWS keys, which highlights the critical need for security updates.
The recent wave of exploits emphasizes the importance of patching and updating systems promptly. Federal Civilian Executive Branch agencies have been advised to implement necessary fixes by July 10, 2026, to protect their networks from these active threats.
As cyber threats evolve, staying informed and proactive is essential in safeguarding digital assets. Users of the affected platforms should ensure their software is updated to the latest versions to mitigate any potential risks.
