CISA adds two Joomla extension RCE paths to KEV

CISA adds two Joomla extension RCE paths to KEV


CISA adds two Joomla extension RCE paths to KEV

CISA has added CVE-2026-48939 in iCagenda and CVE-2026-56291 in Balbooa Forms to the Known Exploited Vulnerabilities catalog. Both issues are unrestricted file upload flaws. In iCagenda, the attachment feature can allow arbitrary file upload and PHP execution. In Balbooa Forms, an unauthenticated upload path can lead to executable file placement and full remote code execution. Federal agencies have until July 13, 2026 to remediate.

The KEV addition confirms active exploitation and elevates both flaws from patching backlog to immediate exposure management. Because both affect Joomla extensions and rely on file upload abuse, internet-facing sites using either component should be treated as potentially reachable RCE surfaces.

️ Open sources - closed narratives

@sitreports

Source: Telegram "sitreports"

Report Page