CVE-2026-56291
PUBLISHED
Published: 09 Jul 2026, 09:53
Last modified:09 Jul 2026, 09:53
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
10 CRITICAL
v4.0 (cve.org)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
09 Jul 2026, 09:53
Published
Vulnerability first disclosed
Description
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
CVSS Metrics
- v4.0•CRITICAL•Score: 10CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red
Techniques & Countermeasures
- CWE-434•Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Affected Systems
- balbooa.com•balbooa.com balbooa forms extension for joomla
1.0-2.4.0