Close Menu
    What's Hot

    Celtic transfer news: Martin O’Neill confident Camilo Duran deal will only be start of summer signings | Football News

    This Former DeepMind Exec Thinks the AI Arms Race Could End in Disaster

    Inside a Private Dinner Party by Scottish-Sikh Chef Tony Singh

    Facebook X (Twitter) Instagram
    Trending
    • Celtic transfer news: Martin O’Neill confident Camilo Duran deal will only be start of summer signings | Football News
    • This Former DeepMind Exec Thinks the AI Arms Race Could End in Disaster
    • Inside a Private Dinner Party by Scottish-Sikh Chef Tony Singh
    • This latest frightening ransomware attack was orchestrated entirely by an LLM
    • Ruling Class Clowns by James Livingston
    • Opinion | ‘You Do It Because They’re Your Parents’
    • Opinion | ‘Trump’s Intervention Had an Impact’: 3 Writers on America’s World Cup Exit
    • Why Democrats Would Probably Come Out Ahead if Platner Dropped Out
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV

    adminBy adminJuly 8, 2026No Comments4 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Ravie LakshmananJul 08, 2026AI Security / Vulnerability

    CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

    The vulnerabilities are listed below –

    • CVE-2026-48282 (CVSS score: 10.0) – A path traversal vulnerability in Adobe ColdFusion that could lead to arbitrary code execution in the context of the current user.
    • CVE-2026-56290 (CVSS score: 10.0) – An improper access control vulnerability in Joomlack Page Builder that could allow for remote code execution via unauthenticated arbitrary file upload.
    • CVE-2026-55255 (CVSS score: 6.1) – An authorization bypass through a user-controlled key vulnerability in Langflow that could allow an authenticated attacker to execute any flow belonging to another user by specifying the victim’s flow ID in the request.
    • CVE-2026-48908 (CVSS score: 10.0) – An unrestricted upload of a file with a dangerous type vulnerability in JoomShaper SP Page Builder that allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.

    It’s worth noting that exploitation of CVE-2026-48282 was observed within hours of public disclosure, with Ryan Dewhurst, security researcher and founder of KEVIntel, telling The Hacker News that an attempt was recorded from an IP address geolocated to India (“103.207.14[.]220”).

    Cybersecurity

    CVE-2026-48908, on the other hand, is said to have been exploited as a zero-day to upload a PHP file by means of an HTTP POST request to the “index.php?option=com_sppagebuilder&task=asset.uploadCustomIcon” endpoint, followed by the appearance of a new Super User account, per mySites.guru. Users of SP Page Builder are advised to update to version 6.6.2 or later.

    The Joomla and WordPress site manager service has also recorded exploitation efforts aimed at CVE-2026-56290 as of June 27, 2026, to deliver a web shell on susceptible sites. The issue has been addressed in Page Builder CK version 3.6.0.

    “The first confirmed web shell we caught sat at /media/com_pagebuilderck/gfonts/bhup.php, an uploader shell keyed on a $_POST[‘_upl’] field,” mySites.guru explained.

    “Because the flaw lets the attacker pick the destination folder, a planted file could be anywhere, not just the obvious upload directories, so look for stray PHP files under /media/com_pagebuilderck/ first and then more widely under /images, /media, /templates, and /administrator.”

    As for CVE-2026-55255, Sysdig revealed late last month that it observed a lone operator (“45.207.216[.]55”) weaponizing the vulnerability along with CVE-2026-33017, an unauthenticated remote code execution flaw in Langflow, as part of a sustained campaign that lasted between June 22 and June 25, 2026.

    “On June 25, 2026, the operator (45.207.216[.]55) returned to an internet-exposed Langflow instance they had first probed three days before and ran a tight, methodical session: application/auth reconnaissance → flow enumeration → the CVE-2026-55255 IDOR → a sustained loop of the CVE-2026-33017 RCE with outbound connection attempts,” Sysdig’s Michael Clark said.

    The activity is assessed to be opportunistic and financially motivated. The exploitation of CVE-2026-33017 is followed by the deployment of payloads designed to fetch a second-stage downloader responsible for delivering additional malware. This attack chain is consistent with botnet and cryptojacking attacks. That said, the exact nature of the final payload is unknown.

    Cybersecurity

    The cloud security company has described CVE-2026-55255 as a case of cross-tenant insecure direct object reference (IDOR), which the threat actor exploited to steal large language model (LLM) provider keys and AWS keys.

    “AI orchestration platforms are a trove of credentials in their own right, and this operator clearly knew it,” Sysdig said. “The RCE went after the host, while the IDOR went after other tenants’ flows and their keys.”

    The development makes it the latest Langflow flaw to be exploited by bad actors over the past year after CVE-2025-3248, CVE-2026-0770, CVE-2026-33017, CVE-2026-21445, CVE-2025-34291, and CVE-2026-5027.

    Last week, Sysdig also documented the first known case of agentic ransomware in which a human operator deployed an artificial agent and provisioned the necessary infrastructure to let the agent handle the entire extortion operation from start to finish by exploiting the CVE-2025-3248 Langflow flaw. It has been codenamed JADEPUFFER.

    In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are advised to apply the fixes by July 10, 2026, to safeguard their networks.

    Actively adds Adobe CISA Exploited Flaws Joomla KEV Langflow
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous ArticleAt Chanel, Matthieu Blazy’s Alternative to Ozempic Dressing
    Next Article Spruce Biosciences Possibly First In-MPS IIIB Class Enzyme Replacement Therapy
    admin
    • Website

    Related Posts

    15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros

    July 8, 2026

    Trump’s arrival in Turkey for NATO summit adds drama and spectacle

    July 8, 2026

    Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants

    July 7, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    Celtic transfer news: Martin O’Neill confident Camilo Duran deal will only be start of summer signings | Football News

    This Former DeepMind Exec Thinks the AI Arms Race Could End in Disaster

    Inside a Private Dinner Party by Scottish-Sikh Chef Tony Singh

    This latest frightening ransomware attack was orchestrated entirely by an LLM

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by