INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).

Adobe ColdFusion, Joomlack Page Builder Exploit Added

| 2026-07-08 08:38 CRITICAL HIGH
Executive Summary AI-generated
The attackers exploited a range of vulnerabilities in Adobe ColdFusion, JoomShaper SP Page Builder and Langflow Authorization Bypass Through User-Controlled Key Vulnerability to gain unauthorized access to compromised servers. The attacks originated from IP addresses in India, with the first reported incident on July 8th, 2026. Researchers at KEVIntel identified these vulnerabilities as CVE-2026-48282, CVE-2026-48908 and CVE-2026-55255, which allowed attackers to execute code on vulnerable servers, upload malicious files and create new administrator accounts, deploy web shells and steal sensitive data. The attacks were financially motivated, targeting botnet or cryptojacking activity.
Technical Mitigations AI-generated
* Regularly update and patch Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder: Ensure all affected systems have the latest security patches installed to prevent exploitation of known vulnerabilities. * Use a web application firewall (WAF) or intrusion detection system (IDS): Implementing a WAF or IDS can help detect and block malicious traffic, reducing the risk of successful attacks on vulnerable sites. * Implement secure coding practices: Ensure developers follow best practices for secure coding, such as validating user input, using secure protocols like HTTPS, and keeping software up to date with the latest security patches. * Monitor system logs and network traffic: Regularly review system logs and network traffic to detect suspicious activity that may indicate an attack is in progress. * Use a Content Security Policy (CSP): Implementing a CSP can help restrict what types of content are allowed on web pages, reducing the risk of XSS attacks.
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
CVE-2025-3248CVE-2025-3248 CVE-2025-34291CVE-2025-34291 CVE-2026-48908CVE-2026-48908 CVE-2026-0770CVE-2026-0770 CVE-2026-33017CVE-2026-33017 CVE-2026-48282CVE-2026-48282 CVE-2026-5027CVE-2026-5027 CVE-2026-55255CVE-2026-55255 CVE-2026-56290CVE-2026-56290 CVE-2026-21445CVE-2026-21445
Target & Sectors
IN
mediamedia
Incident Timeline
‎2026/05/26
The threat actors used a lone operator to exploit CVE-2026-55255 in Adobe ColdFusion, along with an unauthenticated remote code execution flaw in Langflow and Joomlack Page Builder.
vulnerability CVE-2026-55255
organisation CVE-2026-33017
tactic Remote Code Execution
‎June 2026
Threat actors used a remote code execution vulnerability in Adobe ColdFusion to target AWS, exploiting an authorization bypass through a user-controlled key vulnerability in Langflow.
organisation KeV
organisation AWS
‎between June 22
Threat actors exploited CVE-2026-55255 and CVE-2026-33017 vulnerabilities in Langflow between June 22 and 25.
vulnerability CVE-2026-55255
vulnerability CVE-2026-33017
‎June 25, 2026
The operator exploited the Langflow vulnerability CVE-2026-55255.
vulnerability CVE-2026-55255
vulnerability CVSS 9.9
organisation the Sysdig Threat Research Team
organisation TRT
general_metric 9.9 critical Langflow vulnerability
vulnerability CVE-2026-33017
tactic Reconnaissance
organisation CVSS
‎June 27, 2026
Threat actors used CVE-2026-56290 to exploit vulnerabilities in Adobe ColdFusion and Joomlack Page Builder, as well as Langflow and JoomShaper SP Page Builders.
vulnerability CVE-2026-56290
organisation WordPress
‎27 June 2026
The U.S. CISA added Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog on June 27, 2026.
infrastructure 3.6.0
organisation PageBuilder CK
‎2026/07/01
Ransomware operators exploited the CVE-2025-3248 Langflow flaw in Adobe ColdFusion and Joomlack Page Builder to deploy an artificial agent.
tactic Ransomware
tactic Extortion
vulnerability CVE-2025-3248
organisation Sysdig
‎Jul 08, 2026
Threat actors exploited vulnerabilities in Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builders.
‎between June 22 and June 25, 2026
Threat actors used a lone operator to target CVE-2026-55255 and an unauthenticated remote code execution flaw in Langflow, as part of a sustained campaign that exploited vulnerabilities in Adobe ColdFusion and Joomlack Page Builder.
vulnerability CVE-2026-55255
organisation CVE-2026-33017
tactic Remote Code Execution
‎2026/07/08
Attackers exploited a vulnerability in Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder.
organisation IP
organisation KEVIntel
organisation The Hacker News
infrastructure 6.6.2
infrastructure 3.6.0
organisation JoomShaper
organisation Adobe ColdFusion
organisation PHP
organisation CVE-2026
organisation CVE-2026-48908
organisation Super User
organisation AWS
organisation CVE-2026-56290
infrastructure 10.0
infrastructure 2025.9
infrastructure 2023.20
organisation JoomShaper SP
organisation KeV
organisation Known Exploited
organisation CVE-2025-34291
organisation CVE-2025
organisation Adobe
‎July 10, 2026
Threat actors used Adobe ColdFusion to target FCEB agencies, which then exploited vulnerabilities in Joomlack Page Builder and Langflow before being affected by flaws in JoomShaper SP Page Builder.
attribution FCEB
attribution Federal Civilian Executive Branch
Tactical Metrics
Metrics
infrastructure
‎6.6.2
Software Version
Metrics
infrastructure
‎3.6.0
Software Version
Metrics
infrastructure
‎2025.9
Software Version
Metrics
infrastructure
‎2023.20
Software Version
Metrics
infrastructure
‎10.0
Software Version