CVE-2026-48907

CRITICAL LAB

Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5

Title source: cna

Exploitation Summary

EIP tracks 3 public exploits for CVE-2026-48907. PoCs published by 0xBlackash, ywh-jfellus, webshellseo8.

Description

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.

Exploits (3)

github WRITEUP
by 0xBlackash · poc
https://github.com/0xBlackash/CVE-2026-48907

This repository provides a detailed technical analysis of CVE-2026-48907, an unauthenticated RCE vulnerability in JCE (Joomla Content Editor) caused by improper access control (CWE-284). It includes root cause analysis, exploitation flow, mitigation steps, and detection opportunities but does not contain actual exploit code.

Classification: Writeup 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: JCE (Joomla Content Editor) < 2.9.99.5
No auth needed
Prerequisites: Vulnerable JCE installation · Network access to the target
devstral-2 · analyzed Jun 12, 2026

github WORKING POC
by ywh-jfellus · shell · poc
https://github.com/ywh-jfellus/CVE-2026-48907

This repository contains a functional exploit PoC for CVE-2026-48907, targeting a Joomla vulnerability. The exploit demonstrates arbitrary file upload and remote code execution by uploading a malicious PHP file to the tmp/ directory and executing it.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Joomla (specific version not specified)
Auth required
Prerequisites: CSRF token extraction · access to the Joomla admin interface
devstral-2 · analyzed Jun 11, 2026

github WORKING POC
by webshellseo8 · python · poc
https://github.com/webshellseo8/CVE-2026-48907-Unauthenticated-RCE-in-JCE

This repository contains a functional exploit for CVE-2026-48907, an unauthenticated RCE vulnerability in JCE Joomla. The exploit automates the process of uploading malicious PHP payloads via the JCE editor's file upload functionality and verifies RCE by executing arbitrary commands.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: JCE (Joomla Content Editor) for Joomla
No auth needed
Prerequisites: Target must have JCE installed · JCE must be accessible and vulnerable
devstral-2 · analyzed Jun 09, 2026

Scores

CVSS v4 10.0
EPSS 0.0015
EPSS Percentile 34.9%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Red

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE CWE-284
Status published
Products (1)
joomlacontenteditor.net/Joomla Content Editor (JCE) extension for Joomla 1.0.0-2.9.99.4
Published Jun 05, 2026
Tracked Since Jun 05, 2026