CVE Tools
Back to feed
SecurityWeek ·EN-US News source Exploited in the wildBalbooa FormsiCagendaSmart Install (SMI) feature

Organizations Warned of Exploited Joomla Extension Vulnerabilities

By Ionut Arghire··1 min read
CVE Tools coverage

Security researchers have confirmed that cybercriminals are actively exploiting two severe vulnerabilities in widely used Joomla extensions, enabling unauthenticated attackers to execute arbitrary code remotely. The affected components are Balbooa Forms and iCagenda, both of which were found to contain critical file upload flaws. These issues—CVE-2026-56291 and CVE-2026-48939—have already been weaponized in attacks before patches were available, making them zero-days. Both vendors have now released updates to resolve the issues, but administrators must act quickly to apply them. CISA has also added these flaws to its Known Exploited Vulnerabilities catalog, emphasizing their urgent risk.