CVE-2026-48907

Summary

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.

Affected Software

VendorProductVersion RangeStatus
joomlacontenteditor.netJoomla Content Editor (JCE) extension for Joomla1.0.0-2.9.99.4affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References