Skip to content

CISA Registers Four Actively Exploited Security Vulnerabilities in Adobe, Joomla, and Langflow Software

In a nutshell: CISA documents four actively exploited security vulnerabilities in widely used enterprise software, including a critical path-traversal flaw in Adobe ColdFusion with maximum CVSS rating.

The US Cybersecurity and Infrastructure Security Agency (CISA) has added four security vulnerabilities to its Known Exploited Vulnerabilities catalogue and confirmed active exploitation. Among them is a critical flaw in Adobe ColdFusion with a CVSS score of 10.0.

The US agency CISA has added four security vulnerabilities to its public Known Exploited Vulnerabilities directory after documenting evidence of active exploitation in the wild. The registration signals that attackers are already leveraging these security vulnerabilities in targeted attacks.

One of the added vulnerabilities is CVE-2026-48282 with the maximum CVSS score of 10.0 — a path-traversal weakness in Adobe ColdFusion that can lead to arbitrary code execution in the context of the affected system. This critical rating underscores the highest level of attack risk.

For security professionals, inclusion in the KEV catalogue means these vulnerabilities must be prioritized as particularly urgent. CISA entries serve as a reference point for federal agencies and critical infrastructure operators in mandatory patch planning. Affected Adobe, Joomla, and Langflow systems should be checked for updated versions and patched immediately upon discovery.


Source: thehackernews.com · Published 8 July 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.7.3.

Share on: