CVE-2026-48907

KEV · EPSS 0.8%
hype ACTIVE HACK · 88 hack

KEV-listed, credible active exploitation signals, urgent patching underway, defenders responding.

What: Unauthenticated PHP code upload and execution in Joomla JCE (Joomla Content Editor) extension versions 1.0.0–2.9.99.4 via improper access control in editor profile creation. CVSS 10.0.

Why it matters: Added to CISA's Known Exploited Vulnerabilities (KEV) catalog on 2026-06-16, one day before this summary was generated. Multiple sources report active in-the-wild exploitation. Fixed version 2.9.99.5 is available. The high CVSS score and immediate government listing signal urgent patch priority for defenders running affected Joomla instances.

Where it's seen: News outlets, threat intelligence feeds, and security Twitter reporting active exploitation. Defenders discussing monitoring, disabling JCE, and applying patches. Detection scripts circulating. No dispute over legitimacy—advisory published 2026-06-05, KEV addition 2026-06-16 corroborated across posts.

RISK: CRITICAL — KEV-listed RCE, CVSS 10.0, active exploitation, no authentication required.

Generated by claude-haiku-4-5 from public posts and authoritative metadata. AI can make mistakes — verify against vendor advisories before acting. 6/17/2026, 9:49:31 AM

Description

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.

Weaknesses