CVE-2026-48907: How the Joomla JCE Exploit Works and What to Do About It
CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request. Here is how the attack works and how to check if your site was hit.