general · TheHackerNews
CISA added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The flaws affect Adobe ColdFusion (CVE-2026-48282, CVSS 10.0, path traversal leading to arbitrary code execution), Joomla Page Builder (CVE-2026-56290, CVSS 10.0, unauthenticated file upload enabling remote code execution), Langflow (CVE-2026-55255, CVSS 6.1, authorization bypass allowing authenticated attackers to execute flows belonging to other users), and JoomShaper SP Page Builder (CVE-2026-48908, CVSS 10.0, unauthenticated arbitrary file upload leading to PHP code execution). Exploitation has been observed in the wild, including CVE-2026-48282 being exploited within hours of disclosure, CVE-2026-48908 deployed as a zero-day to create web shells, and CVE-2026-55255 combined with CVE-2026-33017 in campaigns stealing LLM provider keys and AWS credentials. Federal agencies have been directed to patch by July 10, 2026.
Organizations using these products—particularly those managing cloud infrastructure, SaaS platforms, or content management systems—should prioritize patching. For SaaS teams, the Langflow IDOR vulnerability demonstrates how multi-tenant environments face cross-tenant risks; SOC2 audits will expect evidence of timely remediation and access controls preventing lateral movement. Defense contractors and healthcare providers relying on these frameworks should verify patching status as part of NIST 800-171 and HIPAA vulnerability management obligations. An Omniware engagement can assess exposure in your technology stack and prioritize remediation risk.
Source: The Hacker News - https://thehackernews.com/2026/07/cisa-adds-4-actively-exploited-adobe.html
Source: TheHackerNews
All briefings