AI description
CVE-2026-56291 is a vulnerability found in the Joomla extension Balbooa Forms. It is categorized as an unauthenticated arbitrary file upload flaw, meaning an attacker can upload executable files without needing to authenticate to the system. This capability can lead to full Remote Code Execution (RCE) on affected systems. The vulnerability has been added to CISA's Known Exploited Vulnerabilities Catalog, indicating that it is being actively exploited in the wild.
- Description
- The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
- Source
- security@joomla.org
- NVD status
- Analyzed
- Products
- forms
CVSS 4.0
- Type
- Secondary
- Base score
- 10
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Red
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability
- Exploit added on
- Jul 10, 2026
- Exploit action due
- Jul 13, 2026
- Required action
- Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- security@joomla.org
- CWE-434
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
3
🟦 PCMedicalist Signal · Jul 11 • CVE-2026-56291 — Balbooa Forms Unrestricted Upload of File… — CISA KEV Vulns • CVE-2026-48939 — iCagenda Unrestricted Upload of File with… — CISA KEV Vulns #VulnerabilityIntelligence SecOps · Blue Team · Autonomous Builds htt
@PCMedicalist
11 Jul 2026
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TRC analysis shows attackers are exploiting Joomla extension vulnerabilities (CVE-2026-48939, CVE-2026-56291) to upload malicious PHP files and execute remote code. Once compromised, they pivot laterally across internal networks. Runtime segmentation helps contain post-compromise
@aviatrixtrc
11 Jul 2026
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔒 #CyberSecurity CVE-2026-48939 & CVE-2026-56291: CISA KEV Alert on iCagenda and Balbooa Forms E… "On July 10, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added two…" 🔗 https://t.co/jXXXyKlEKS #CyberSecurity #ThreatIntel #cve #zeroday #patc
@SecurityAr58409
11 Jul 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🟦 PCMedicalist Signal · Jul 11 • CVE-2026-56291 — Balbooa Forms Unrestricted Upload of File… — CISA KEV Vulns • CVE-2026-48939 — iCagenda Unrestricted Upload of File with… — CISA KEV Vulns #VulnerabilityIntelligence SecOps · Blue Team · Autonomous Builds htt
@PCMedicalist
11 Jul 2026
47 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログにiCagendaのCVE-2026-48939とBalbooa FormsのCVE-2026-56291を追加。対処期限は3日後の7/13。ランサムウェアによる悪用は不知。 https:
@__kokumoto
11 Jul 2026
1192 Impressions
0 Retweets
5 Likes
0 Bookmarks
1 Reply
0 Quotes
🛡️ @CISACyber added iCagenda vulnerability CVE-2026-48939 & Balbooa Forms vulnerability CVE-2026-56291 to our KEV Catalog. Visit https://t.co/Hr1Rpw9Skf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec
@chris_uk2026
11 Jul 2026
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two Joomla! extensions added to the KEVs. CVE-2026-48939: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability and CVE-2026-56291: Balbooa Forms Unrestricted Upload of File with Dangerous Type
@kaotickjay
11 Jul 2026
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA 7月10日把两个 Joomla 生态漏洞加入 KEV 已知被利用漏洞目录,值得网站运维和安全团队留意。 这两个漏洞分别是 CVE-2026-48939(iCagenda)和 CVE-2026-56291(Balbooa Forms)。NVD/CVE 记录显示,它们都与不受限制的文件上
@jojo_licg
11 Jul 2026
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:balbooa:forms:*:*:*:*:*:joomla\\!:*:*",
"matchCriteriaId": "A5149F96-A82C-4C48-B4A5-D8AD99418D47",
"versionEndExcluding": "2.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]