Active exploitation of critical vulnerabilities in Joomla extensions
Joomla is a content management system for websites. Security updates were released in June 2026 to address two critical vulnerabilities (CVE-2026-48908 and CVE-2026-56290) affecting Joomla extensions: SP Page Builder and Page Builder CK.
These vulnerabilities have a Common Vulnerability Scoring System (CVSS v3.1) score of 9.8 out of 10.
Successful exploitation of these vulnerabilities allows an unauthenticated attacker to upload arbitrary files, potentially resulting in remote code execution and complete takeover of the affected website.