PatchSiren cyber security CVE debrief
CVE-2026-48907 joomlacontenteditor.net CVE debrief
A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution. This vulnerability has a CVSS score of 10 and is considered CRITICAL.
- Vendor: joomlacontenteditor.net
- Product: Joomla Content Editor (JCE) extension for Joomla
- CVSS: CRITICAL 10
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-05
- Original CVE updated: 2026-06-05
- Advisory published: 2026-06-05
- Advisory updated: 2026-06-05
Who should care
Users of Joomla with the JCE editor extension installed should be aware of this vulnerability and take immediate action to mitigate it.
Technical summary
The vulnerability exists in the JCE editor extension for Joomla, allowing unauthenticated users to create new editor profiles, which can lead to PHP code upload and execution.
Defensive priority
High
Recommended defensive actions
- Update the JCE editor extension to the latest version.
- Restrict access to the JCE editor extension to authenticated users only.
- Monitor for suspicious activity on your Joomla site.
Evidence notes
The CVE record and NVD detail pages provide evidence of this vulnerability.
Official resources
- CVE-2026-48907 CVE record (CVE.org)
- CVE-2026-48907 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: CVE-2026-48907 was published on 2026-06-05T08:16:30.797Z and modified on 2026-06-05T16:05:36.550Z.