CVE-2026-49075 Jetimpex Inc. CVE debrief

Who should care

Administrators and users of the JetEngine plugin version 3.8.9.1 and earlier should be aware of this critical vulnerability. Updating to the latest version of the plugin is highly recommended to prevent potential exploitation.

Technical summary

The CVE-2026-49075 vulnerability is a PHP object injection issue in the JetEngine plugin. It has been assigned a CVSS score of 9.8, indicating critical severity. The vulnerability allows for unauthenticated attacks with high impact on confidentiality, integrity, and availability. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The weakness is categorized under CWE-502.

Defensive priority

high

Recommended defensive actions

• Update the JetEngine plugin to the latest version.
• Review and monitor the system for potential suspicious activity.
• Implement additional security measures such as web application firewalls.
• Restrict access to the plugin and system.
• Regularly update and patch all plugins and software.
• Consider implementing a vulnerability management program.
• Monitor for indicators of compromise.

Evidence notes

The information provided is based on data from [nvd] and [ref-4]. The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information and potential mitigations can be found at [ref-4].

Official resources