๐Ÿ” CVE Alert

CVE-2026-56291

UNKNOWN 0.0 โš ๏ธ CISA KEV

Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1

CVSS Score
0.0
EPSS Score
0.3%
EPSS Percentile
20th

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

CWE CWE-434
Vendor balbooa.com
Product balbooa.com balbooa forms extension for joomla
Published Jul 9, 2026
Last Updated Jul 11, 2026
โš ๏ธ Actively Exploited โ€” Act Now

Get instant alerts for balbooa.com balbooa.com balbooa forms extension for joomla

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2026-56291.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

balbooa.com / balbooa.com Balbooa Forms extension for Joomla
1.0-2.4.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
balbooa.com: https://www.balbooa.com/joomla-forms mysites.guru: https://mysites.guru/blog/balbooa-forms-unauthenticated-file-upload-flaw/ cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-56291

Credits

Phil Taylor