SecurityWeek ·EN-US News source Exploited in the wildBalbooa FormsiCagendaSmart Install (SMI) feature
Organizations Warned of Exploited Joomla Extension Vulnerabilities
CVE Tools coverage
Security researchers have confirmed that cybercriminals are actively exploiting two severe vulnerabilities in widely used Joomla extensions, enabling unauthenticated attackers to execute arbitrary code remotely. The affected components are Balbooa Forms and iCagenda, both of which were found to contain critical file upload flaws. These issues—CVE-2026-56291 and CVE-2026-48939—have already been weaponized in attacks before patches were available, making them zero-days. Both vendors have now released updates to resolve the issues, but administrators must act quickly to apply them. CISA has also added these flaws to its Known Exploited Vulnerabilities catalog, emphasizing their urgent risk.