CVE-2026-56291
Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1
CVSS Score
0.0
EPSS Score
0.3%
EPSS Percentile
20th
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
| CWE | CWE-434 |
| Vendor | balbooa.com |
| Product | balbooa.com balbooa forms extension for joomla |
| Published | Jul 9, 2026 |
| Last Updated | Jul 11, 2026 |
โ ๏ธ Actively Exploited โ Act Now
Get instant alerts for balbooa.com balbooa.com balbooa forms extension for joomla
This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2026-56291.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
balbooa.com / balbooa.com Balbooa Forms extension for Joomla
1.0-2.4.0
References
Credits
Phil Taylor