JoomShaper Security Update Advisory (CVE-2026-48908)

JoomShaper Security Update Advisory (CVE-2026-48908)
  • A security update has been released to address a vulnerability in the JoomShaper product.
  • The affected product is SP Page Builder, and versions 1.0.0 Through 6.6.1 Are impacted.
  • The vulnerability addressed is CVE-2026-48908.
  • This vulnerability is a remote code execution vulnerability through unauthenticated arbitrary file upload in SP Page Builder. Unauthenticated arbitrary file upload refers to the ability to upload files without authorization, while remote code execution means a threat actor can execute arbitrary code on the system.
  • A Vulnerability Patch has been provided via the latest update, and SP Page Builder version 6.6.2 Is the recommended patch version.
  • Instructions for updating to the latest patched version, as outlined on the reference site, have been provided.