CVE Catalog
CVE-2026-48908
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk0.73%
50th percentile — higher than 50% of all known CVEs
Summary
A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.
Risk Assessment
An attacker can take over the Joomla server, steal data, or install malware without requiring authentication.
Recommendation
Immediately update SP Page Builder to the latest version and restrict file upload functionality to trusted users only.
Original NVD description (English source)
A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.

