CVE-2026-56291

PUBLISHED
Published: 09 Jul 2026, 09:53
Last modified:09 Jul 2026, 09:53

Vulnerability Summary

Overall Risk (default)
high
70/100
CVSS Score
10 CRITICAL
v4.0 (cve.org)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

09 Jul 2026, 09:53
Published
Vulnerability first disclosed

Description

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

CVSS Metrics

  • v4.0CRITICALScore: 10CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red

Techniques & Countermeasures

  • CWE-434Unrestricted Upload of File with Dangerous Type

    The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Affected Systems

  • balbooa.combalbooa.com balbooa forms extension for joomla

    1.0-2.4.0

References (2)