CVE-2026-56291
CRITICAL
10.0
CVSS 4.0
Description
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
Metadata
Severity & Metrics
10.0
CRITICAL CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| balbooa.com | balbooa.com Balbooa Forms extension for Joomla | — | 1.0-2.4.0 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-434 | cna | CWE-434: Unrestricted Upload of File with Dangerous Type |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 10.0 | CRITICAL | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red |
References (2)