Organizations Warned of Exploited Joomla Extension Vulnerabilities
Threat actors have been targeting Balbooa Forms and iCagenda Joomla extension flaws for remote code execution. The post Organizations Warned of Exploited Joomla Extension Vulnerabilities appeared first on SecurityWeek .
AI Analysis
Technical Summary
Threat actors have been exploiting critical unauthenticated arbitrary file upload vulnerabilities in the Joomla extensions Balbooa Forms and iCagenda, enabling remote code execution (RCE). The Balbooa Forms vulnerability (CVE-2026-56291) affects versions 2.4.0 and earlier and was patched in version 2.4.1 released on July 9, 2026. The iCagenda vulnerability (CVE-2026-48939) was patched in versions 4.0.8 and 3.9.15 released on June 15-16, 2026. Both vulnerabilities have a CVSS score of 10 and have been observed exploited in the wild as zero-days. The US Cybersecurity and Infrastructure Security Agency (CISA) added these to its Known Exploited Vulnerabilities catalog on July 10, 2026, recommending patching within three days for federal agencies.
Potential Impact
Successful exploitation allows unauthenticated attackers to upload arbitrary files, including malicious PHP scripts, to vulnerable Joomla extension deployments. This leads to remote code execution, enabling attackers to execute arbitrary commands on affected servers. The vulnerabilities have been actively exploited in the wild, increasing the risk of compromise for websites running affected versions of these extensions.
Mitigation Recommendations
Patches are available and should be applied immediately. For Balbooa Forms, upgrade to version 2.4.1 or later. For iCagenda, upgrade to versions 4.0.8 or 3.9.15 or later. The US CISA agency has included these vulnerabilities in its Known Exploited Vulnerabilities catalog and recommends patching within three days for federal agencies. Organizations should prioritize applying these official fixes to mitigate the risk of exploitation.
Organizations Warned of Exploited Joomla Extension Vulnerabilities
Description
Threat actors have been targeting Balbooa Forms and iCagenda Joomla extension flaws for remote code execution. The post Organizations Warned of Exploited Joomla Extension Vulnerabilities appeared first on SecurityWeek .
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Threat actors have been exploiting critical unauthenticated arbitrary file upload vulnerabilities in the Joomla extensions Balbooa Forms and iCagenda, enabling remote code execution (RCE). The Balbooa Forms vulnerability (CVE-2026-56291) affects versions 2.4.0 and earlier and was patched in version 2.4.1 released on July 9, 2026. The iCagenda vulnerability (CVE-2026-48939) was patched in versions 4.0.8 and 3.9.15 released on June 15-16, 2026. Both vulnerabilities have a CVSS score of 10 and have been observed exploited in the wild as zero-days. The US Cybersecurity and Infrastructure Security Agency (CISA) added these to its Known Exploited Vulnerabilities catalog on July 10, 2026, recommending patching within three days for federal agencies.
Potential Impact
Successful exploitation allows unauthenticated attackers to upload arbitrary files, including malicious PHP scripts, to vulnerable Joomla extension deployments. This leads to remote code execution, enabling attackers to execute arbitrary commands on affected servers. The vulnerabilities have been actively exploited in the wild, increasing the risk of compromise for websites running affected versions of these extensions.
Mitigation Recommendations
Patches are available and should be applied immediately. For Balbooa Forms, upgrade to version 2.4.1 or later. For iCagenda, upgrade to versions 4.0.8 or 3.9.15 or later. The US CISA agency has included these vulnerabilities in its Known Exploited Vulnerabilities catalog and recommends patching within three days for federal agencies. Organizations should prioritize applying these official fixes to mitigate the risk of exploitation.
Technical Details
- Article Source
- {"url":"https://www.securityweek.com/organizations-warned-of-exploited-joomla-extension-vulnerabilities/","fetched":true,"fetchedAt":"2026-07-13T09:17:37.107Z","wordCount":959}
Threat ID: 6a54ad3168715ace438e580a
Added to database: 07/13/2026, 09:17:37 UTC
Last enriched: 07/13/2026, 09:17:44 UTC
Last updated: 07/13/2026, 17:31:44 UTC
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.