Security
CISA adds Joomla Content Editor access-control flaw to KEV on 2026-06-16
- Category: Security
- Status: confirmed
- Sources: CISA KEV catalog
- Summary: CISA added CVE-2026-48907, an improper access control flaw in the Widget Factory Joomla Content Editor, to the Known Exploited Vulnerabilities catalog on 2026-06-16 (catalog version 2026.06.16, count 1622). No other vendor advisories with confirmed active exploitation surfaced today beyond items already tracked in follow-ups.
- Why it matters: Federal agencies and Joomla operators running the affected editor extension face a remediation deadline; the addition is the only new KEV entry since the 2026-06-15 batch.
- Follow-up: Track the Joomla extension vendor advisory and patched version.