CISA has added a critical Joomla Content Editor (JCE) vulnerability, CVE-2026-48907 (CVSS score: 10.0), to its Known Exploited Vulnerabilities catalog, citing active exploitation. This improper access control flaw allows unauthenticated attackers to execute arbitrary PHP code on affected systems. Joomla users are urged to patch immediately to prevent compromise.