Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Organizations Warned of Exploited Joomla Extension Vulnerabilities

0
Critical
Exploitremote
Published: 07/13/2026 (07/13/2026, 09:08:02 UTC)
Source: SecurityWeek

Description

Threat actors have been targeting Balbooa Forms and iCagenda Joomla extension flaws for remote code execution. The post Organizations Warned of Exploited Joomla Extension Vulnerabilities appeared first on SecurityWeek .

Affected software

Affected versions
<=2.4.0<4.0.8<=3.9.14

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/13/2026, 09:17:44 UTC

Technical Analysis

Threat actors have been exploiting critical unauthenticated arbitrary file upload vulnerabilities in the Joomla extensions Balbooa Forms and iCagenda, enabling remote code execution (RCE). The Balbooa Forms vulnerability (CVE-2026-56291) affects versions 2.4.0 and earlier and was patched in version 2.4.1 released on July 9, 2026. The iCagenda vulnerability (CVE-2026-48939) was patched in versions 4.0.8 and 3.9.15 released on June 15-16, 2026. Both vulnerabilities have a CVSS score of 10 and have been observed exploited in the wild as zero-days. The US Cybersecurity and Infrastructure Security Agency (CISA) added these to its Known Exploited Vulnerabilities catalog on July 10, 2026, recommending patching within three days for federal agencies.

Potential Impact

Successful exploitation allows unauthenticated attackers to upload arbitrary files, including malicious PHP scripts, to vulnerable Joomla extension deployments. This leads to remote code execution, enabling attackers to execute arbitrary commands on affected servers. The vulnerabilities have been actively exploited in the wild, increasing the risk of compromise for websites running affected versions of these extensions.

Mitigation Recommendations

Patches are available and should be applied immediately. For Balbooa Forms, upgrade to version 2.4.1 or later. For iCagenda, upgrade to versions 4.0.8 or 3.9.15 or later. The US CISA agency has included these vulnerabilities in its Known Exploited Vulnerabilities catalog and recommends patching within three days for federal agencies. Organizations should prioritize applying these official fixes to mitigate the risk of exploitation.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Article Source
{"url":"https://www.securityweek.com/organizations-warned-of-exploited-joomla-extension-vulnerabilities/","fetched":true,"fetchedAt":"2026-07-13T09:17:37.107Z","wordCount":959}

Threat ID: 6a54ad3168715ace438e580a

Added to database: 07/13/2026, 09:17:37 UTC

Last enriched: 07/13/2026, 09:17:44 UTC

Last updated: 07/13/2026, 17:31:44 UTC

Views: 8

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses