Ethical Hacking News
Four newly added vulnerabilities in Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder pose significant risks to various software applications and systems. Prompt patching and proactive vulnerability management are crucial to safeguard networks from potential breaches.
Four vulnerabilities (CVE-2026-48282, CVE-2026-56290, CVE-2026-55255, and CVE-2026-48908) have been added to the Known Exploited Vulnerabilities (KEV) catalog by CISA. CVE-2026-48282 allows arbitrary code execution in Adobe ColdFusion, while CVE-2026-56290 enables remote code execution via unauthenticated file uploads in Joomlack Page Builder. CVE-2026-55255 is an authorization bypass vulnerability in Langflow that can be exploited for cross-tenant IDOR attacks. CVE-2026-48908 allows unrestricted file uploads with a dangerous type vulnerability in JoomShaper SP Page Builder.
In a stark reminder of the ever-evolving landscape of cybersecurity threats, The Hacker News recently announced that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities, identified as CVE-2026-48282, CVE-2026-56290, CVE-2026-55255, and CVE-2026-48908, pose significant risks to various software applications and systems, underscoring the importance of prompt patching and proactive vulnerability management.
CVE-2026-48282, a path traversal vulnerability in Adobe ColdFusion, has been observed to lead to arbitrary code execution within the context of the current user. This critical flaw allows attackers to inject malicious code, potentially compromising sensitive data or facilitating lateral movement within an organization's network. The swift exploitation of this vulnerability by threat actors, including a recorded incident from an IP address geolocated to India ("103.207.14[.]220"), highlights the need for swift action.
The improper access control vulnerability in Joomlack Page Builder (CVE-2026-56290) enables remote code execution via unauthenticated arbitrary file uploads. This flaw can be exploited by attackers to upload malicious files, potentially leading to a web shell being deployed on susceptible sites. The Joomla and WordPress site manager service has documented exploitation efforts aimed at CVE-2026-56290 as of June 27, 2026, with the first confirmed web shell observed sitting at /media/com_pagebuilderck/gfonts/bhup.php.
CVE-2026-55255 is an authorization bypass through a user-controlled key vulnerability in Langflow. This flaw allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request, effectively enabling cross-tenant insecure direct object reference (IDOR) attacks. Sysdig observed this vulnerability being exploited alongside CVE-2026-33017 as part of a sustained campaign that lasted between June 22 and June 25, 2026.
The final vulnerability added to the KEV catalog is CVE-2026-48908, an unrestricted upload of a file with a dangerous type vulnerability in JoomShaper SP Page Builder. This flaw allows unauthenticated users to upload arbitrary files, which ultimately results in the upload and execution of PHP code. The exploitation of this vulnerability was observed as a zero-day attack, where an attempt was recorded from an IP address geolocated to India ("103.207.14[.]220").
The rapid addition of these four vulnerabilities to the KEV catalog underscores the importance of proactive security measures. Federal Civilian Executive Branch (FCEB) agencies are advised to apply the fixes by July 10, 2026, to safeguard their networks and mitigate potential risks.
The swift exploitation of these vulnerabilities highlights the ever-evolving nature of cybersecurity threats. Organizations must remain vigilant and proactive in addressing software vulnerabilities to prevent similar breaches and minimize potential damage. By prioritizing vulnerability management and implementing robust security controls, organizations can reduce the risk of successful attacks and protect sensitive data.
In conclusion, the addition of four actively exploited flaws to the KEV catalog serves as a stark reminder of the importance of proactive cybersecurity measures. Organizations must take swift action to address these vulnerabilities, prioritize vulnerability management, and implement robust security controls to mitigate potential risks.
Four newly added vulnerabilities in Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder pose significant risks to various software applications and systems. Prompt patching and proactive vulnerability management are crucial to safeguard networks from potential breaches.
Related Information:
https://www.ethicalhackingnews.com/articles/CISA-Adds-Four-Actively-Exploited-Flaws-to-KEV-A-Cautionary-Tale-of-Software-Vulnerability-and-Cybersecurity-Threats-ehn.shtml
https://thehackernews.com/2026/07/cisa-adds-4-actively-exploited-adobe.html
https://nvd.nist.gov/vuln/detail/CVE-2026-48282
https://www.cvedetails.com/cve/CVE-2026-48282/
https://nvd.nist.gov/vuln/detail/CVE-2026-56290
https://www.cvedetails.com/cve/CVE-2026-56290/
https://nvd.nist.gov/vuln/detail/CVE-2026-55255
https://www.cvedetails.com/cve/CVE-2026-55255/
https://nvd.nist.gov/vuln/detail/CVE-2026-48908
https://www.cvedetails.com/cve/CVE-2026-48908/
Published: Wed Jul 8 01:53:15 2026 by llama3.2 3B Q4_K_M