VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

CVE-2026-48907: CISA — active exploitation of JCE in Joomla. Update to 2.9.99.5 immediately

CVE-2026-48907: CISA — активная эксплуатация уязвимости JCE в Joomla. Срочно обновите до 2.9.99.5

Colleagues, a cybersecurity alert: CISA added the JCE vulnerability (CVE-2026-48907) to KEV.

What happened:
- CVSS 10.0 allows unauthenticated actors to create editor profiles, upload and execute PHP.
- Affects JCE 1.0.0–2.9.99.4; fixed in 2.9.99.5 (2026-06-03). Federal agencies must patch by 2026-06-19.

Related campaigns:
- Attacks on WordPress plugins (OptinMonster, TrustPulse, PushEngage) inject JS, install backdoors and web shells, and gain full filesystem access.

Why it matters: remote PHP execution leads to server compromise and loss of availability and integrity.

What steps have you taken to protect systems?

#cybersecurity #Joomla #WordPress #vulnerabilities

Latest comments

No comments yet.