CISA warns of actively exploited RCE flaws in Joomla extensions

CISA warns of actively exploited RCE flaws in Joomla extensions
CISA says attackers are exploiting arbitrary file upload flaws in the iCagenda and Balbooa Forms Joomla extensions to achieve remote code execution and full website compromise. Federal agencies must apply the available fixes immediately, as both CVE-2026-48939 and CVE-2026-56291 were reportedly used in automated attacks before patches were released. #CISA #iCagenda #BalbooaForms #Joomla #CVE-2026-48939 #CVE-2026-56291

Keypoints

  • CISA has marked both Joomla extension flaws as maximum priority.
  • CVE-2026-48939 affects the iCagenda extension through arbitrary file uploads.
  • CVE-2026-56291 affects the Balbooa Forms extension and can lead to RCE.
  • Attackers reportedly used both flaws in automated attacks before patches were released.
  • Administrators should verify whether iCagenda or Balbooa Forms are installed and update immediately.

Read More: https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-rce-flaws-in-joomla-extensions/