CVE-2026-48907: Widget Factory Joomla Content Editor Improper Access Control Vulnerability

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.
CVE-2026-48907CVSS 10.0CISA KEVWeb

CVE-2026-48907: Widget Factory Joomla Content Editor Improper Access Control Vulnerability

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.

CVSS
10.0 CRITICAL
EPSS
99.57%
Known exploited
yes
Product
Joomla Content Editor

What is known

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.

Sources