CISA Urges Immediate Patching of Exploited ColdFusion, Langflow, Joomla Flaws

CISA Urges Immediate Patching of Exploited ColdFusion, Langflow, Joomla Flaws
CISA warned that attackers are actively exploiting critical vulnerabilities in Adobe ColdFusion, Langflow, and two Joomla extensions, with exploitation observed soon after patches were released. The flaws have been added to the KEV catalog, and federal agencies must patch them quickly to reduce the risk of remote code execution and web shell deployment. #AdobeColdFusion #Langflow #Joomla #SPPageBuilder #PageBuilderCK #CISA #KEV

Keypoints

  • CISA confirmed active exploitation of vulnerabilities in Adobe ColdFusion, Langflow, and two Joomla extensions.
  • CVE-2026-48282 in Adobe ColdFusion can allow arbitrary code execution through a path traversal flaw.
  • CVE-2026-55255 in Langflow lets attackers trigger other users’ flows and was chained with CVE-2026-33017.
  • SP Page Builder and Page Builder CK flaws were abused to gain remote code execution and plant hidden accounts or web shells.
  • CISA added the flaws to its KEV catalog and ordered federal agencies to patch them within three days.

Read More: https://www.securityweek.com/cisa-urges-immediate-patching-of-exploited-coldfusion-langflow-joomla-flaws/