Back to overview

CVE-2026-57827

CRITICAL
10.0
CVSS 4.0
Description
The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

Metadata

CVE ID
CVE-2026-57827
State
PUBLISHED
Assigner
Joomla
Reserved
2026-06-25 16:55 UTC
Published
2026-07-11 09:29 UTC
Last updated
2026-07-11 09:29 UTC
Primary CWE
CWE-434
CWE-434: Unrestricted Upload of File with Dangerous Type
Vendor / Product
rsjoomla.com / rsjoomla.com RSFiles extension for Joomla
Sources
cve.org  ·  NVD

Severity & Metrics

10.0 CRITICAL CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red
Affected products (1)
VendorProductPlatformVersions
rsjoomla.com rsjoomla.com RSFiles extension for Joomla 1.0-1.17.11
Weakness (CWE)
CWESourceDescription
CWE-434 cna CWE-434: Unrestricted Upload of File with Dangerous Type
CVSS scores (1)
ScoreSeverityVersionSourceVector
10.0 CRITICAL 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red
Back to overview