Jessica Entwistle
July 9 2026
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. The vulnerabilities affect JoomShaper SP Page Builder (CVE-2026-48908), Langflow (CVE-2026-55255), and Joomlack Page Builder (CVE-2026-56290). CVE-2026-48908 is an unrestricted file upload vulnerability that allows attackers to upload and execute malicious files on affected systems. CVE-2026-55255 is an authorisation bypass flaw that allows attackers to gain unauthorised access through user-controlled keys. CVE-2026-56290 is an improper access control vulnerability that allows attackers to bypass security restrictions. CISA's inclusion of these vulnerabilities in the KEV Catalog indicates that they are being actively exploited in the wild, and federal agencies are required to patch them within a specified timeframe.
While CISA's directives are aimed at US federal agencies, the KEV Catalog is widely used by UK organisations as a practical reference for prioritising patching activity. The vulnerabilities listed affect third-party components commonly used in web applications and content management systems, which means they may be present in a wide range of UK business environments, particularly where organisations use Joomla-based websites or low-code development platforms like Langflow. The fact that these vulnerabilities are being actively exploited means that attackers are already scanning for and targeting vulnerable systems, and organisations that have not yet patched are at immediate risk of compromise. Unrestricted file upload vulnerabilities are particularly dangerous because they allow attackers to upload web shells or other malicious code that can be executed on the server, providing a foothold for further compromise. Authorisation bypass and access control flaws allow attackers to gain administrative access or access sensitive data without proper authentication.
UK businesses should check whether any of these components are in use within their web applications, content management systems, or development platforms, and prioritise patching if they are present. It is worth reviewing how your organisation tracks and responds to CISA KEV updates, as they provide a reliable signal of vulnerabilities that are being actively exploited and should be treated as high priority regardless of your organisation's location or sector. Organisations should also review how third-party components and plugins are managed within web applications, including how updates are tested and deployed, and how the security posture of these components is monitored over time. For organisations using Joomla or similar content management systems, this is a prompt to ensure that all plugins and extensions are kept up to date, and that any unused or unsupported components are removed. It is also worth checking that web application firewalls, intrusion detection systems and logging are configured to detect and alert on suspicious file upload activity or unauthorised access attempts.
Source: CISA