CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
CISA added CVE-2026-48907 in Joomla JCE to its KEV catalog after active exploitation; fixes are due by June 19.
More info