• Category: Security
  • Status: confirmed
  • Sources: CISA KEV catalog
  • Summary: CISA added CVE-2026-48907, an improper access control flaw in the Widget Factory Joomla Content Editor, to the Known Exploited Vulnerabilities catalog on 2026-06-16 (catalog version 2026.06.16, count 1622). No other vendor advisories with confirmed active exploitation surfaced today beyond items already tracked in follow-ups.
  • Why it matters: Federal agencies and Joomla operators running the affected editor extension face a remediation deadline; the addition is the only new KEV entry since the 2026-06-15 batch.
  • Follow-up: Track the Joomla extension vendor advisory and patched version.

Send feedback on this story