Joomla, LiteSpeed Vulnerabilities Exploited in Attacks

Attackers are actively exploiting CVE-2026-48907 in Joomla Content Editor (JCE) to upload malicious PHP files and execute arbitrary code on all versions before 2.9.99.5. CVE-2026-54420 in LiteSpeed's cPanel plugin allows privilege escalation to root on shared hosting environments. Both vulnerabilities are being weaponized in the wild with CISA enforcement deadlines for federal systems.

CRITICALAdvisoryJun 18, 2026

Action required

Immediately patch Joomla JCE to version 2.9.99.5 or later on all instances. Update LiteSpeed cPanel plugin to the patched version. Hunt for suspicious PHP uploads in web directories and check logs for exploitation attempts targeting file upload endpoints.

Affected products

Joomla Content Editor (JCE)LiteSpeed cPanel PluginJoomla ProjectLiteSpeed TechnologiesCloudLinux/CageFS

CVE IDs

CVE-2026-48907 CVE-2026-54420

Linked articles

Joomla, LiteSpeed Vulnerabilities Exploited in Attacks

Source links

https://www.securityweek.com/joomla-litespeed-vulnerabilities-exploited-in-attacks/