Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5

Description

Threat actors are targeting vulnerabilities in Joomla and the LiteSpeed cPanel plugin for code execution and privilege escalation. Affecting the Joomla Content Editor (JCE) for Joomla and tracked as CVE-2026-48907, the first bug is described as an improper access issue that allows unauthenticated attackers to upload editor profiles. Attackers have been exploiting the flaw to upload arbitrary files to the server, leading to arbitrary PHP code execution.

Affected Products

Vendor	Product	Versions
joomlacontenteditor.net	joomla content editor (jce) extension for joomla	1.0.0-2.9.99.4, 2.9.99.5

References

https://www.joomlacontenteditor.net/(product)
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-48907.yaml(exploit, nuclei)

Related News (3 articles)

Tier D

SecurityWeek3h ago

Joomla, LiteSpeed Vulnerabilities Exploited in Attacks

→ No new info (linked only)

Tier D

The Hacker News5h ago

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

→ No new info (linked only)

Tier C

VulDB12d ago

CVE-2026-48907 | joomlacontenteditor Content Editor Extension up to 2.9.99.4 on Joomla JCE Editor Extension access control

→ No new info (linked only)

CISA KEV✅ Yes

Actively exploited✅ Yes

CWECWE-284, CWE-20

PublishedJun 5, 2026

Last enriched2h agov4

Community Vote

0 upvotes0 downvotes

No votes yet

Version History

Last enriched 2h ago

v4Tier D2h ago

Updated description with technical details, changed severity to HIGH, added CVSS estimate of 7.5, specified affected version 2.9.99.5, provided patch version 2.9.99.6, and included IoCs and MITRE ATT&CK technique T1203.

descriptionaffectedVersionstags

via SecurityWeek

v3Tier D3h ago

Updated severity to CRITICAL and CVSS score to 10.0, and added new CWE-20.

cweIds

via The Hacker News

v2Tier C12d ago

Updated severity to CRITICAL and marked the vulnerability as actively exploited.

severityactivelyExploited

via VulDB

v112d ago

Initial creation

Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5

Description

Affected Products

References

Related News (3 articles)

Community Vote

Pin to Dashboard

Verification

Vulnerability Timeline

Version History