BleepingComputer ·EN-US News source Exploited in the wildiCagendaBalbooa FormsJoomla
CISA warns of actively exploited RCE flaws in Joomla extensions
CVE Tools coverage
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that attackers are actively exploiting two remote code execution (RCE) vulnerabilities in popular Joomla extensions—iCagenda and Balbooa Forms. These flaws allow malicious actors to upload arbitrary files, potentially leading to full website compromise. The vulnerabilities, tracked as CVE-2026-48939 and CVE-2026-56291, were added to CISA's Known Exploited Vulnerabilities catalog with maximum priority, requiring immediate mitigation. Patches are now available for both extensions.