## https://sploitus.com/exploit?id=AE6219F6-F23B-5FB3-886B-AFFE2FBDB4B1
# CVE-2026-48907
CVE-2026-48907 is a critical improper access control vulnerability in the JCE editor extension for Joomla. It allows unauthenticated attackers to create new editor profiles, which can ultimately lead to arbitrary PHP file upload and remote code execution on affected systems