[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:joomla-litespeed-vulnerabilities-exploited-in-attacks-mqjta5ss":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":14,"action_required":20,"article_ids":21,"ioc_summary":23,"source_urls":24,"status":26,"expires_at":27,"created_at":28,"updated_at":29,"articles":30},"26e1a4c8-ae44-476c-8ba7-f023c1b0eb6d","Joomla, LiteSpeed Vulnerabilities Exploited in Attacks","joomla-litespeed-vulnerabilities-exploited-in-attacks-mqjta5ss","Attackers are actively exploiting CVE-2026-48907 in Joomla Content Editor (JCE) to upload malicious PHP files and execute arbitrary code on all versions before 2.9.99.5. CVE-2026-54420 in LiteSpeed's cPanel plugin allows privilege escalation to root on shared hosting environments. Both vulnerabilities are being weaponized in the wild with CISA enforcement deadlines for federal systems.","critical","advisory",[12,13],"CVE-2026-48907","CVE-2026-54420",[15,16,17,18,19],"Joomla Content Editor (JCE)","LiteSpeed cPanel Plugin","Joomla Project","LiteSpeed Technologies","CloudLinux\u002FCageFS","Immediately patch Joomla JCE to version 2.9.99.5 or later on all instances. Update LiteSpeed cPanel plugin to the patched version. Hunt for suspicious PHP uploads in web directories and check logs for exploitation attempts targeting file upload endpoints.",[22],"4161ca8e-eeeb-4c11-938f-2b7004c67033",null,[25],"https:\u002F\u002Fwww.securityweek.com\u002Fjoomla-litespeed-vulnerabilities-exploited-in-attacks\u002F","active","2026-06-20T18:06:23.888+00:00","2026-06-18T18:06:31.197429+00:00","2026-06-18T18:07:46.080653+00:00",[31],{"id":22,"title":6,"url":25}]