# CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV

_Wednesday, July 8, 2026 at 8:00 AM EDT · Security · Latest · Tier 2 — Notable_

![CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV — Primary](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZn36WwWfaOwK7XCU9aKjVPS7QAyrnBKsKMXtVRyYbD2X30HI-ojl5F8ttD9VcbXB36anuKWq-JGEhzPq1fjwnEhKPKMjkPDMPAFe8OqR85N1dc0QZoZ7JCN9ziqGuQ8M4irelfxa_zca62EV-s9qBO9WI47ECtzM8Zi2X8T-MFfuRRbJQ8u48Y2RRt3UT/s1700-e365/cisa-main.jpg)

The U.S. Cybersecurity and Infrastructure Security Agency added four actively exploited security flaws to its Known Exploited Vulnerabilities catalog on July 8, 2026. CISA announced the additions after receiving evidence of active exploitation in the wild. The flaws include CVE-2026-48282, a path traversal vulnerability in Adobe ColdFusion with CVSS score of 10.0 that could lead to arbitrary code execution in the context of the current user; CVE-2026-56290, an improper access control vulnerability in Joomlack Page Builder with CVSS score of 10.0 that could allow for remote code execution via unauthenticated arbitrary file upload; CVE-2026-55255, an authorization bypass through a user-controlled key vulnerability in Langflow with CVSS score of 6.1 that could allow an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request; and CVE-2026-48908, an unrestricted upload of a file with a dangerous type vulnerability in JoomShaper SP Page Builder with CVSS score of 10.0.

## Sources

- [The Hacker News](https://thehackernews.com/2026/07/cisa-adds-4-actively-exploited-adobe.html)

---
Canonical: https://techandbusiness.org/newswire/p9L5AVJjTpTcQqdqTSGmje
Retrieved: 2026-07-09T00:58:03.453Z
Publisher: Tech & Business (techandbusiness.org)
