JCE Pro 2.9.99.6 patch for CVE-2026-48907
Security Patch Release
Summary
The JCE security team released JCE Pro 2.9.99.6 in early June 2026 to fix CVE-2026-48907 in the Widget Factory Joomla Content Editor (JCE) plugin. The update addresses an improper access control flaw that could let unauthenticated attackers upload and execute PHP code on Joomla deployments. Public reporting says the flaw is actively exploited, and users should patch installations as soon as possible.
Related Happenings
CISA KEV remediation order for CVE-2026-48907
Public Sector Action
H score: 89
First: 17.06.2026 08:50
Last: 17.06.2026 08:50
Sources 1
How related:
On Tuesday, CISA added the vulnerability to its list of actively exploited vulnerabilities and ordered Federal Civilian Executive Branch (FCEB) agencies to secure their systems by Friday, as required by Binding Operational Directive (BOD) 26-04.
About this happening:
CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...
LiteLLM v1.83.14-stable security fix release (multiple vulnerabilities)
Security Patch Release
H score: 42
First: 15.06.2026 19:39
Last: 15.06.2026 19:39
Sources 1
About this happening:
**BerriAI** shipped **LiteLLM v1.83.14-stable** to close a **three-CVE chain** that could let a low-privilege proxy user reach **full admin** and **run code on the server**. The u...
Everest Forms Pro plugin patch for CVE-2026-3300
Security Patch Release
H score: 43
First: 06.06.2026 17:09
Last: 06.06.2026 17:09
Sources 1
About this happening:
The **Everest Forms developer** released a patch for **CVE-2026-3300** in **Everest Forms Pro** on **March 18**, closing an **unauthenticated arbitrary code execution** flaw affec...
LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)
Security Patch Release
H score: 55
First: 27.05.2026 13:06
Last: 27.05.2026 13:06
Sources 1
About this happening:
LiteSpeed released **urgent security updates** for the **cPanel user-end plugin** after **CVE-2026-48172** was found to be **actively exploited**, reducing exposure for systems ru...
Latest development: 16.06.2026 13:47
CISA added CVE-2026-48172/CVE-2026-54420 in the LiteSpeed cPanel user-end plugin to the Known Exploited Vulnerabilities Catalog and ordered Federal Civilian Executive Branch agencies to secure affected servers within three days under BOD 26-04. The affected plugin versions before 2.4.8 are described as actively exploited, with FTP or web shell access enabling root escalation on shared hosting servers running CloudLinux/CageFS.
Drupal core security update for CVE-2026-9082
Security Patch Release
H score: 55
First: 22.05.2026 16:14
Last: 22.05.2026 16:14
Sources 1
About this happening:
**Drupal** released security updates for **CVE-2026-9082**, a highly critical SQL injection flaw affecting **PostgreSQL**-backed sites, and urged administrators to **upgrade immed...
Timeline
- 17.06.2026 13:09 · 2 articles · 2h ago
JCE Pro 2.9.99.6 patch for CVE-2026-48907
Initial Disclosure
**JCE Pro 2.9.99.6** was released in **early June 2026** to remediate **CVE-2026-48907** in the Joomla editor plugin. The patch closes the vulnerable access-control path, but sites already compromised still need separate cleanup.
- CISA orders feds to patch max severity Joomla plugin flaw by Friday — www.bleepingcomputer.com — 17.06.2026 13:09