CVE-2026-56291

CVE-2026-56291 is a critical-severity vulnerability with a CVSS 4.0 base score of 10.0. The underlying weakness is classified as CWE-434.

Key facts

Description

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

Frequently asked questions

What is CVE-2026-56291?
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
How severe is CVE-2026-56291?
CVE-2026-56291 has a CVSS 4.0 base score of 10.0, rated critical severity.
Is CVE-2026-56291 being actively exploited?
It is not currently listed in CISA's Known Exploited Vulnerabilities catalog, and no EPSS exploit-prediction score is available yet.
How do I fix CVE-2026-56291?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
When was CVE-2026-56291 published?
CVE-2026-56291 was published on 2026-07-09.

References

Other CWE-434 (Unrestricted Upload of File with Dangerous Type) vulnerabilities

Browse all CWE-434 (Unrestricted Upload of File with Dangerous Type) vulnerabilities →