The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
References
| Link | Resource |
|---|---|
| https://mysites.guru/blog/balbooa-forms-unauthenticated-file-upload-flaw/ | Exploit Third Party Advisory |
| https://www.balbooa.com/joomla-forms | Product |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-56291 | US Government Resource |
Configurations
History
10 Jul 2026, 19:12
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-56291 - US Government Resource |
10 Jul 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
10 Jul 2026, 15:35
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Balbooa
Balbooa forms |
|
| CPE | cpe:2.3:a:balbooa:forms:*:*:*:*:*:joomla\!:*:* | |
| References | () https://mysites.guru/blog/balbooa-forms-unauthenticated-file-upload-flaw/ - Exploit, Third Party Advisory | |
| References | () https://www.balbooa.com/joomla-forms - Product | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
09 Jul 2026, 11:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-09 11:16
Updated : 2026-07-11 05:16
NVD link : CVE-2026-56291
Mitre link : CVE-2026-56291
CVE.ORG link : CVE-2026-56291
JSON object : View
Products Affected
balbooa
- forms
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type
