CVE-2026-56291

Published Jul 9, 2026

Last updated a day ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-56291 is a vulnerability found in the Joomla extension Balbooa Forms. It is categorized as an unauthenticated arbitrary file upload flaw, meaning an attacker can upload executable files without needing to authenticate to the system. This capability can lead to full Remote Code Execution (RCE) on affected systems. The vulnerability has been added to CISA's Known Exploited Vulnerabilities Catalog, indicating that it is being actively exploited in the wild.

Description
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
Source
security@joomla.org
NVD status
Analyzed
Products
forms

Risk scores

CVSS 4.0

Type
Secondary
Base score
10
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Red
Severity
CRITICAL

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability
Exploit added on
Jul 10, 2026
Exploit action due
Jul 13, 2026
Required action
Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

Weaknesses

security@joomla.org
CWE-434

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

3

  1. 🟦 PCMedicalist Signal · Jul 11 • CVE-2026-56291 — Balbooa Forms Unrestricted Upload of File… — CISA KEV Vulns • CVE-2026-48939 — iCagenda Unrestricted Upload of File with… — CISA KEV Vulns #VulnerabilityIntelligence SecOps · Blue Team · Autonomous Builds htt

    @PCMedicalist

    11 Jul 2026

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. TRC analysis shows attackers are exploiting Joomla extension vulnerabilities (CVE-2026-48939, CVE-2026-56291) to upload malicious PHP files and execute remote code. Once compromised, they pivot laterally across internal networks. Runtime segmentation helps contain post-compromise

    @aviatrixtrc

    11 Jul 2026

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🔒 #CyberSecurity CVE-2026-48939 & CVE-2026-56291: CISA KEV Alert on iCagenda and Balbooa Forms E… "On July 10, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added two…" 🔗 https://t.co/jXXXyKlEKS #CyberSecurity #ThreatIntel #cve #zeroday #patc

    @SecurityAr58409

    11 Jul 2026

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🟦 PCMedicalist Signal · Jul 11 • CVE-2026-56291 — Balbooa Forms Unrestricted Upload of File… — CISA KEV Vulns • CVE-2026-48939 — iCagenda Unrestricted Upload of File with… — CISA KEV Vulns #VulnerabilityIntelligence SecOps · Blue Team · Autonomous Builds htt

    @PCMedicalist

    11 Jul 2026

    47 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログにiCagendaのCVE-2026-48939とBalbooa FormsのCVE-2026-56291を追加。対処期限は3日後の7/13。ランサムウェアによる悪用は不知。 https:

    @__kokumoto

    11 Jul 2026

    1192 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. 🛡️ @CISACyber added iCagenda vulnerability CVE-2026-48939 & Balbooa Forms vulnerability CVE-2026-56291 to our KEV Catalog. Visit https://t.co/Hr1Rpw9Skf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec

    @chris_uk2026

    11 Jul 2026

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Two Joomla! extensions added to the KEVs. CVE-2026-48939: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability and CVE-2026-56291: Balbooa Forms Unrestricted Upload of File with Dangerous Type

    @kaotickjay

    11 Jul 2026

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CISA 7月10日把两个 Joomla 生态漏洞加入 KEV 已知被利用漏洞目录,值得网站运维和安全团队留意。 这两个漏洞分别是 CVE-2026-48939(iCagenda)和 CVE-2026-56291(Balbooa Forms)。NVD/CVE 记录显示,它们都与不受限制的文件上

    @jojo_licg

    11 Jul 2026

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations