Active Exploitation of Critical Vulnerabilities in Joomla Extensions
10 July 2026
Attackers are exploiting critical vulnerabilities in Joomla's SP Page Builder and Page Builder CK extensions to upload malicious files and execute arbitrary code. Patch immediately.
Background
Joomla is a content management system for websites. Security updates were released in June 2026 to address two critical vulnerabilities (CVE-2026-48908 and CVE-2026-56290) affecting Joomla extensions: SP Page Builder and Page Builder CK. These vulnerabilities have a Common Vulnerability Scoring System (CVSS v3.1) score of 9.8 out of 10.
Impact
Successful exploitation of these vulnerabilities allows an unauthenticated attacker to upload arbitrary files, potentially resulting in remote code execution and complete takeover of the affected website.
Known Exploitation
These vulnerabilities are reportedly under active exploitation.
Affected Products
These vulnerabilities affect the following products:
CVE-2026-48908
SP Page Builder Extension for Joomla versions prior to 6.6.2.
CVE-2026-56290
Page Builder CK Extension for Joomla versions prior to 3.6.0.
Recommendations
Users and administrators of affected products are advised to update to the latest versions immediately.
Administrators should also review their websites for signs of compromise, including unauthorised account creation and suspicious file uploads.
References
https://thehackernews.com/2026/07/cisa-adds-4-actively-exploited-adobe.html
