← Back to blog

CISA Adds Four Actively Exploited Web App Flaws to KEV Catalog

CISA has added critical vulnerabilities in Adobe ColdFusion, Joomla, and Langflow to its Known Exploited Vulnerabilities list due to active exploitation. These flaws pose significant risks to web applications and require immediate patching.

TL;DR

  • CISA added four new vulnerabilities to its KEV catalog due to active exploitation
  • Includes a critical Adobe ColdFusion path traversal flaw (CVE-2026-48282) allowing arbitrary code execution
  • Joomla and Langflow vulnerabilities also identified as actively exploited
  • All affected organizations should prioritize patching these vulnerabilities immediately
  • These flaws represent high-risk attack vectors currently used by threat actors

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog with four newly identified security flaws. These vulnerabilities affect widely-used web platforms including Adobe ColdFusion, Joomla, and Langflow, and are already being actively exploited by threat actors in the wild.

Organizations using these platforms face immediate risk, as CISA's inclusion in the KEV catalog indicates verified exploitation. The agency's advisory serves as a critical warning for security teams to prioritize remediation efforts and implement protective measures without delay.

Critical Adobe ColdFusion Vulnerability

  • CVE-2026-48282 carries a maximum CVSS score of 10.0, indicating critical severity
  • The path traversal vulnerability allows attackers to execute arbitrary code in the context of the server
  • This flaw affects Adobe ColdFusion installations and requires immediate patching
  • Successful exploitation could lead to complete system compromise and persistent access

Additional Platform Vulnerabilities

  • Joomla vulnerabilities included in the KEV update are also under active exploitation
  • Langflow flaws represent emerging threats in AI-powered development platforms
  • All three platforms require immediate security updates to prevent compromise
  • Organizations should verify their exposure and apply patches across all affected systems

Security Recommendations

  • Immediately audit systems for the presence of these vulnerable components
  • Apply official security patches from vendors as soon as possible
  • Implement network monitoring to detect potential exploitation attempts
  • Consider temporary mitigation measures if patching cannot be done immediately
  • Review and strengthen access controls for web-facing applications

Sources

Sources

Security email updates

One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.

CISA Adds Four Actively Exploited Web App Flaws to KEV Catalog — Agent Breach Blog | Agent Breach