CISA adds three known exploited vulnerabilities to catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation:
CVE-2026-48908 JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability, CVE-2026-55255 Langflow Authorization Bypass Through User-Controlled Key Vulnerability, CVE-2026-56290 Joomlack Page Builder Improper Access Control Vulnerability.
These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise.