Critical Vulnerabilities in Joomla Extensions Under Active Exploitation, Urgent Patching Advised
The Cyber Security Agency of Singapore (CSA) has issued an alert regarding the active exploitation of critical vulnerabilities (CVE-2026-48908 and CVE-2026-56290) in Joomla's SP Page Builder and Page Builder CK extensions. These flaws, with a CVSS v3.1 score of 9.8, allow unauthenticated attackers to upload arbitrary files and execute remote code, potentially leading to a complete takeover of affected websites. Users and administrators are urged to update to the latest versions immediately and check for signs of compromise.
Want more?
Open NewsSnap.ai for the full app experience, including audio, personalization, and more news tools.