What is CVE-2026-48908?
JoomShaper SP Page Builder contains an unrestricted upload of file with dangerous type vulnerability that allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.
Timeline
- 2026-07-07Added to the CISA Known Exploited Vulnerabilities (KEV) catalog
- 2026-07-10CISA federal remediation deadline (BOD 22-01)
CISA Known Exploited Vulnerability
JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability
Affected product
JoomShaper SP Page Builder
Remediation Steps
- Identify all JoomShaper SP Page Builder installations
- Apply the vendor security patch
- Review recent administrative activity and file modifications
- Audit user accounts and reset suspicious credentials
References
Referenced in our briefings & reports
- Vulnerability Priority Report – Week 1 of July 2026 (July 6 – 12)
Browse all tracked CVEs in the defend.network CVE database →
🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.