Threat actors are actively exploiting CVE-2026-48907 in Joomla Content Editor (JCE) to upload arbitrary files and execute PHP code, with Joomla warning that public exploit code and automated attacks are already in the wild. LiteSpeed’s cPanel plugin is also affected by CVE-2026-54420, a symlink-following flaw that can lead to root privilege escalation on shared hosting servers. #CVE-2026-48907 #CVE-2026-54420 #Joomla #LiteSpeed #CISA
Key points
- CVE-2026-48907 affects Joomla Content Editor (JCE) and enables unauthenticated profile uploads.
- Attackers are using the flaw to upload arbitrary files and run PHP code on servers.
- All JCE Pro versions before 2.9.99.5 are vulnerable, with extra protections in 2.9.99.6.
- CVE-2026-54420 in LiteSpeed’s cPanel plugin can allow root privilege escalation through symlink abuse.
- CISA added both vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog and ordered patching under urgent deadlines.
Read More: https://www.securityweek.com/joomla-litespeed-vulnerabilities-exploited-in-attacks/