What is CVE-2026-48907?
A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.
CISA Known Exploited Vulnerability
Widget Factory Joomla Content Editor Improper Access Control Vulnerability
Affected product
Widget Factory Joomla Content Editor
Remediation Steps
- Monitor CISA Known Exploited Vulnerabilities catalog for full details
- Consult CISA advisory and vendor documentation once available
- Assess applicability to your infrastructure
References
Coverage on defend.network
- Vulnerability Priority Report – Week 3 of June 2026 (June 15 – 21)
🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.