CVE-2026-56290

PUBLISHED

Published: 29 Jun 2026, 14:31

Last modified:29 Jun 2026, 14:31

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

10 CRITICAL

v4.0 (cve.org)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

29 Jun 2026, 14:31

Published

Vulnerability first disclosed

Description

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

CVSS Metrics

v4.0•CRITICAL•Score: 10CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red

Techniques & Countermeasures

CWE-284•Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Affected Systems

joomlack.fr•joomlack.fr page builder ck extension for joomla
1.0-3.6.0

References (1)

https://www.joomlack.fr/