Unauthenticated Arbitrary File Upload Vulnerability in Joomla Extension Page Builder CK
CVE-2026-56290

10CRITICAL

Key Information:

Vendor: Joomlack.fr
Status: Joomlack.fr Page Builder Ck Extension For Joomla
Vendor: CVE Published:; 29 June 2026

🔔 Create Joomlack.fr Vulnerability Alert

What is CVE-2026-56290?

The Joomla extension Page Builder CK contains a vulnerability that allows unauthenticated attackers to upload arbitrary files. This weakness can be exploited to upload executable files, resulting in remote code execution on the server. The implications of this vulnerability are severe, as it may allow attackers to gain full control over the affected system. Website administrators are advised to update to the latest version of the extension to mitigate this security risk.

Affected Version(s)

JoomlaCK.fr Page Builder CK extension for Joomla 1.0-3.6.0

References

https://www.joomlack.fr/

product

CVSS V4

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2026
Vulnerability Reserved
Jun 20, 2026

Credit

Phil Taylor

CVE-2026-56290 Data

JSON