Unauthenticated Arbitrary File Upload Vulnerability in Balbooa Forms Extension for Joomla
CVE-2026-56291

10CRITICAL

Key Information:

Vendor
CVE Published:
9 July 2026

What is CVE-2026-56291?

The Balbooa Forms extension for Joomla contains a vulnerability that allows unauthenticated users to upload arbitrary files, including executable files. This flaw can be exploited to achieve remote code execution (RCE), posing a significant security threat to sites leveraging this extension. It is essential for administrators to apply the latest security patches to mitigate potential risks associated with this vulnerability.

Affected Version(s)

balbooa.com Balbooa Forms extension for Joomla 1.0-2.4.0

References

CVSS V4

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Phil Taylor
.