Back to advisories

CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV

Four critical vulnerabilities across Adobe ColdFusion, Joomla Page Builder, Langflow, and JoomShaper SP Page Builder are actively exploited in the wild. Attackers are deploying web shells, stealing credentials including LLM and AWS keys, and establishing botnet/cryptojacking infrastructure. Any organization running these products is at immediate risk.

CRITICALAdvisoryJul 09, 2026
Action required
Immediately scan for installations of Adobe ColdFusion, Joomla Page Builder, Langflow, and JoomShaper SP Page Builder. Patch to fixed versions. Hunt for web shells, suspicious file uploads, and outbound connections to unknown IPs on affected hosts. Review CloudTrail/AWS logs for unauthorized API activity.
Affected products
AdobeJoomlaJoomShaperLangflowAdobe ColdFusion