Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CISA warns of actively exploited RCE flaws in Joomla extensions

0
Critical
Exploitremoterce
Published: 07/13/2026 (07/13/2026, 15:20:16 UTC)
Source: Bleeping Computer

Description

CISA has issued a warning about actively exploited remote code execution (RCE) vulnerabilities in two Joomla extensions: iCagenda and Balbooa Forms. These vulnerabilities allow attackers to upload arbitrary files, including executable PHP scripts, leading to full website compromise. The iCagenda flaw (CVE-2026-48939) affects the file attachment feature, while the Balbooa Forms flaw (CVE-2026-56291) affects the file upload functionality in contact forms. Both vulnerabilities were exploited in the wild before patches were released. Fixes are available in iCagenda versions 4.0.8 and 3.9.15, and Balbooa Forms version 2.4.1. CISA has mandated rapid patching for federal agencies due to the critical nature of these flaws.

Affected software

Affected versions
<4.0.8<3.9.15<2.4.1

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/13/2026, 15:47:54 UTC

Technical Analysis

Two critical remote code execution vulnerabilities in Joomla extensions iCagenda and Balbooa Forms have been actively exploited by attackers. CVE-2026-48939 in iCagenda allows arbitrary file uploads via the file attachment feature, enabling PHP code execution and full site compromise. CVE-2026-56291 in Balbooa Forms permits dangerous file uploads through its drag-and-drop form builder, also leading to RCE and website takeover. Both vulnerabilities were exploited in automated attacks prior to vendor patch releases. iCagenda patches were released in versions 4.0.8 and 3.9.15, and Balbooa Forms patch in version 2.4.1. CISA has classified these as maximum priority vulnerabilities and ordered immediate remediation.

Potential Impact

Successful exploitation of these vulnerabilities enables attackers to upload arbitrary executable files, including PHP scripts, resulting in remote code execution. This can lead to data theft, installation of web shells, and complete compromise of affected Joomla websites. The flaws were actively exploited in the wild before patches were available, increasing the risk of widespread attacks and website takeovers.

Mitigation Recommendations

Patches addressing these vulnerabilities are available: iCagenda versions 4.0.8 and 3.9.15, and Balbooa Forms version 2.4.1. Website administrators should immediately update to these fixed versions. CISA has mandated federal agencies to apply these updates or mitigations within three days of the advisory. No alternative mitigations are specified; applying the official patches is the recommended course of action.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Article Source
{"url":"https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-rce-flaws-in-joomla-extensions/","fetched":true,"fetchedAt":"2026-07-13T15:47:39.639Z","wordCount":678}

Threat ID: 6a55089b68715ace4361c5c8

Added to database: 07/13/2026, 15:47:39 UTC

Last enriched: 07/13/2026, 15:47:54 UTC

Last updated: 07/13/2026, 19:06:23 UTC

Views: 7

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses