[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fB9iNWN8gtGG3JyEEeseKo_oUXIw1IN4D_Mqrcvr31EQ":3},{"article":4,"iocs":53},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":30,"category":31,"article_tags":35},"bd27d4f1-853d-4247-a834-d27fc6db1eeb","Organizations Warned of Exploited Joomla Extension Vulnerabilities","organizations-warned-of-exploited-joomla-extension-vulnerabilities-cb362d","Threat actors have been targeting Balbooa Forms and iCagenda Joomla extension flaws for remote code execution. The post Organizations Warned of Exploited Joomla Extension Vulnerabilities appeared first on SecurityWeek.","Threat actors are actively exploiting critical vulnerabilities in the Balbooa Forms and iCagenda Joomla extensions, enabling unauthenticated remote code execution. Both flaws, CVE-2026-56291 and CVE-2026-48939, are described as arbitrary file upload issues that allow attackers to upload PHP code. CISA has added both vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies to patch them promptly.","Exploited Joomla extension flaws allow unauthenticated remote code execution.","Threat actors have been exploiting critical vulnerabilities in the Balbooa Forms and iCagenda Joomla extensions that allow unauthenticated attackers to achieve remote code execution (RCE). The Balbooa flaw, tracked as CVE-2026-56291 (CVSS score of 10), is described as an unauthenticated arbitrary file upload issue affecting the extension’s frontend attachment upload endpoint. Balbooa Forms version 2.4.1 was released on July 9 with patches for the bug, but threat actors were observed exploiting it in the wild as a zero-day. The security defect impacts all websites running Balbooa Forms version 2.4.0 or earlier, and the active exploitation prompts immediate action from site administrators. In June, the iCagenda extension for Joomla was found to be affected by a similar arbitrary file upload vulnerability in the file attachment feature, tracked as CVE-2026-48939 (CVSS score of 10). As with the Balbooa bug, the iCagenda flaw allows attackers to upload PHP code to a vulnerable deployment and achieve RCE without authentication.Advertisement. Scroll to continue reading. JoomliC, iCagenda’s developer, reportedly observed the CVE being exploited in the wild as a zero-day on June 15. The developer rolled out patches in iCagenda versions 4.0.8 and 3.9.15 on June 15-16. On July 10, the US cybersecurity agency CISA added both Joomla extension security defects to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them within three days, in line with BOD 26-04 guidance. While BOD 26-04 applies only to federal agencies, all organizations are advised to review CISA’s KEV list and address the vulnerabilities it identifies as soon as possible. Related: Palo Alto Networks Patches 13 Vulnerabilities Related: 15-Year-Old Linux Vulnerability ‘GhostLock’ Earns Researchers $92k From Google Related: Microsoft Patches Defender ‘RoguePlanet’ Vulnerability Related: Chrome 150 Update Patches 27 Vulnerabilities Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Ionut Arghire Network of 200 GitHub Repositories Used for Malware Infection12 Million Impacted by Data Breach at Japanese Telco KDDI15-Year-Old Linux Vulnerability ‘GhostLock’ Earns Researchers $92k From GoogleMount Royal University Confirms Data Stolen in Ransomware AttackChrome 150 Update Patches 27 Vulnerabilities8Layers Raises $2.9 Million for Identity Security PlatformUnpatched Backdoor in Tenda Firmware Grants Admin Access to DevicesAccenture Confirms Data Breach After Hacker Claims Source Code Theft Latest News Progress Prompts ShareFile Storage Zone Controller Shutdown Amid Security ConcernsCenters Laboratory Data Breach Affects 540,000 IndividualsGhost Accounts Abuse GitHub API in Mass Recon CampaignIn Other News: DHS Database Hacked, Adobe Boosts Patch Cadence, Canada Disrupts Ransomware OpsThird US Security Expert Sentenced to Prison for Helping Ransomware GangChina, India-Linked Hackers Both Targeted Same Pakistani Police ForceOkta Warns of Vishing Attacks Targeting Microsoft 365 CustomersGigaWiper Combines Multiple Malware for System-Level Sabotage Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Why Email Security Keeps Failing (And What Has to Change) July 8, 2026 Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more. Register Virtual Event: 2026 Cloud Security Summit July 16, 2026 This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments. Register People on the MoveBlueVoyant has appointed Ravi Subramanian as CFO and Jamie Coleman as CCO.Solana Foundation has appointed Michael Coates as Chief Information Security Officer.Michael Sikorski has joined Coinbase as Chief Information Security Officer.More People On The MoveExpert Insights The Shift Toward Business-Aligned Risk Management Moving from isolated, technical data to a continuous risk lifecycle can help organizations align security controls with actual business consequences. (Steve Durbin) How to Conduct a Successful Audit of AI-Driven Software Development As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach production. (Matias Madou) Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors From model selection and automation to validation and measurable results, the right questions can help enterprises separate genuine AI capabilities from marketing hype. (Joshua Goldfarb) The AI Token Costs That Can Break Cybersecurity As cybersecurity platforms embrace agentic AI, organizations must balance detection performance against the escalating costs of token consumption, deployment architecture, and AI credits. (Danelle Au) When Information Becomes the Attack Surface – Understanding AI Agent Traps From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email","https:\u002F\u002Fwww.securityweek.com\u002Forganizations-warned-of-exploited-joomla-extension-vulnerabilities\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2026\u002F07\u002FJoomla.jpeg","2026-07-13T09:08:02+00:00","2026-07-13T10:00:17.417397+00:00",9,[18,21,23,26,28],{"name":19,"type":20},"Balbooa Forms","product",{"name":22,"type":20},"iCagenda",{"name":24,"type":25},"Joomla","technology",{"name":27,"type":20},"Known Exploited Vulnerabilities catalog",{"name":29,"type":20},"BOD 26-04","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":30,"icon":32,"name":33,"slug":34},null,"Vulnerabilities","vulnerabilities",[36,41,46,48],{"category":37},{"id":38,"icon":32,"name":39,"slug":40},"574f766a-fb3f-487c-8d2c-0720ae75471b","Zero-day","zero-day",{"category":42},{"id":43,"icon":32,"name":44,"slug":45},"6cbdd207-aaa1-4176-9534-e156b125e917","Nation-state","nation-state",{"category":47},{"id":30,"icon":32,"name":33,"slug":34},{"category":49},{"id":50,"icon":32,"name":51,"slug":52},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[54,58],{"type":55,"value":56,"context":57},"cve","CVE-2026-56291","Balbooa Forms arbitrary file upload vulnerability",{"type":55,"value":59,"context":60},"CVE-2026-48939","iCagenda arbitrary file upload vulnerability"]