CVE-2026-56291
CRITICAL KEVJoomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1
Title source: cnaExploitation Summary
CVE-2026-56291 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added July 10, 2026.
Description
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
References (2)
Core 2
Core References
Product product
https://www.balbooa.com/joomla-forms
Third Party Advisory third-party-advisory
https://mysites.guru/blog/balbooa-forms-unauthenticated-file-upload-flaw/
Scores
CVSS v3
9.8
EPSS
0.0028
EPSS Percentile
19.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
total
Details
CISA KEV
2026-07-10
VulnCheck KEV
2026-07-08
CWE
CWE-434
Status
published
Products (2)
balbooa/forms
< 2.4.1
balbooa.com/balbooa.com Balbooa Forms extension for Joomla
1.0-2.4.0
Published
Jul 09, 2026
KEV Added
Jul 10, 2026
Tracked Since
Jul 09, 2026