> TritonInfoSec News
Home / Jun 18, 2026 / Story
0
#6 The Hacker News general June 17, 2026 at 05:50 UTC

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

By [email protected] (The Hacker News)

AI Summary

CISA added CVE-2026-48907 (CVSS 10.0), an improper access control flaw in the Widget Factory Joomla Content Editor (JCE) plugin enabling arbitrary PHP code execution, to its KEV catalog with a patch deadline of Friday for federal agencies. The maximum severity score and active exploitation make this urgent for any organization running Joomla with the JCE plugin installed.

Read full article → https://thehackernews.com/2026/06/cisa-warns-of-ac…

Relevance score: 84.0/100

# More from June 18

  1. 1
    Massive breach spills credentials for thousands of sensitive networks Ars Technica Security
  2. 2
    FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices. BleepingComputer
  3. 3
    Critical Fortinet FortiSandbox flaws now exploited in attacks BleepingComputer
  4. 4
    Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development The Hacker News
  5. 5
    144 Mastra npm Packages Compromised via Hijacked Contributor Account The Hacker News
  6. 7
    Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack SecurityWeek
  7. 8
    GitHub dismissed security reports on flaws now exploited by supply-chain worm, researchers say The Record
  8. 9
    Critical Copilot vulnerability allowed hackers to seal 2FA code from users Ars Technica Security
  9. 10
    Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats The Hacker News