CVE Tools
Back to feed
BleepingComputer ·EN-US News source Exploited in the wildiCagendaBalbooa FormsJoomla

CISA warns of actively exploited RCE flaws in Joomla extensions

By Bill Toulas··2 min read
CVE Tools coverage

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that attackers are actively exploiting two remote code execution (RCE) vulnerabilities in popular Joomla extensions—iCagenda and Balbooa Forms. These flaws allow malicious actors to upload arbitrary files, potentially leading to full website compromise. The vulnerabilities, tracked as CVE-2026-48939 and CVE-2026-56291, were added to CISA's Known Exploited Vulnerabilities catalog with maximum priority, requiring immediate mitigation. Patches are now available for both extensions.