CISA KEV directive for Joomla extension flaws
Public Sector Action
Summary
Hide ▲
Show ▼
CISA added the Joomla extension flaws to the KEV catalog and ordered federal agencies to apply updates or mitigations within three days, tightening remediation timelines for systems exposed to CVE-2026-48939 and CVE-2026-56291.
Related Happenings
Joomla iCagenda and Balbooa Forms active RCE exploitation wave
Exploitation Wave
H score42
First: 13.07.2026 18:20
Last: 13.07.2026 18:20
Sources 1
How related:
According to website management and security platform mySites.guru, both flaws were exploited in automated attacks before vendors released a patch.
About this happening:
**Joomla** sites were hit by an **active exploitation wave** against **iCagenda** and **Balbooa Forms** upload flaws, enabling **remote code execution** and full website takeover....
Joomla iCagenda and Balbooa Forms active RCE exploitation wave
Exploitation WaveHow related: According to website management and security platform mySites.guru, both flaws were exploited in automated attacks before vendors released a patch.
About this happening: **Joomla** sites were hit by an **active exploitation wave** against **iCagenda** and **Balbooa Forms** upload flaws, enabling **remote code execution** and full website takeover....
Joomla extensions arbitrary file upload (multiple vulnerabilities, actively exploited)
Vulnerability
H score59
First: 13.07.2026 08:36
Last: 13.07.2026 08:36
Sources 1
How related:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that attackers are exploiting vulnerabilities in the iCagenda and Balbooa Forms extensions for Joomla to achieve remote code execution through arbitrary file uploads.
About this happening:
**CISA** added **CVE-2026-48939** and **CVE-2026-56291** to the **KEV catalog**, confirming **zero-day exploitation** of two **Joomla** extension flaws that allow arbitrary file u...
Joomla extensions arbitrary file upload (multiple vulnerabilities, actively exploited)
VulnerabilityHow related: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that attackers are exploiting vulnerabilities in the iCagenda and Balbooa Forms extensions for Joomla to achieve remote code execution through arbitrary file uploads.
About this happening: **CISA** added **CVE-2026-48939** and **CVE-2026-56291** to the **KEV catalog**, confirming **zero-day exploitation** of two **Joomla** extension flaws that allow arbitrary file u...
JCE Pro 2.9.99.6 patch for CVE-2026-48907
Security Patch Release
H score46
First: 17.06.2026 13:09
Last: 17.06.2026 13:09
Sources 1
About this happening:
**JCE security team** released **JCE Pro 2.9.99.6** in **early June 2026** to fix **CVE-2026-48907** in the **Widget Factory Joomla Content Editor (JCE) plugin**. The update addre...
JCE Pro 2.9.99.6 patch for CVE-2026-48907
Security Patch ReleaseAbout this happening: **JCE security team** released **JCE Pro 2.9.99.6** in **early June 2026** to fix **CVE-2026-48907** in the **Widget Factory Joomla Content Editor (JCE) plugin**. The update addre...
CISA KEV remediation order for CVE-2026-48907
Public Sector Action
H score89
First: 17.06.2026 08:50
Last: 17.06.2026 08:50
Sources 1
About this happening:
CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...
CISA KEV remediation order for CVE-2026-48907
Public Sector ActionAbout this happening: CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...
Widget Factory Joomla Content Editor JCE actively exploited improper access control security flaw (CVE-2026-48907)
Vulnerability
H score89
First: 17.06.2026 08:50
Last: 17.06.2026 08:50
Sources 1
About this happening:
The **Widget Factory Joomla Content Editor (JCE)** flaw **CVE-2026-48907** has been added to **CISA's KEV catalog** after evidence of **active exploitation**, putting affected Joo...
Widget Factory Joomla Content Editor JCE actively exploited improper access control security flaw (CVE-2026-48907)
VulnerabilityAbout this happening: The **Widget Factory Joomla Content Editor (JCE)** flaw **CVE-2026-48907** has been added to **CISA's KEV catalog** after evidence of **active exploitation**, putting affected Joo...
Timeline
-
13.07.2026 18:20 1 articles · 8h ago
Balbooa Forms zero-day exploitation enables Joomla website takeover
Exploitation ObservedBalbooa Forms for Joomla was exploited as a zero-day through arbitrary file upload abuse, with attacks observed since July 8, 2026 before the vendor released version 2.4.1 on July 9. The flaw allowed dangerous files, including executable files, to be uploaded and could lead to remote code execution and full website takeover on affected Joomla sites.
Show sources
- CISA warns of actively exploited RCE flaws in Joomla extensions — www.bleepingcomputer.com — 13.07.2026 18:20
-
13.07.2026 18:20 2 articles · 8h ago
CISA orders federal agencies to remediate actively exploited Joomla extension flaws
Legal Policy Action UpdateCISA classified CVE-2026-48939 and CVE-2026-56291 as maximum priority KEV entries and ordered federal agencies using Joomla extensions to apply available security updates and/or mitigations within three days, with the deadline set for July 13, 2026. The warning tied the arbitrary file upload flaws in iCagenda and Balbooa Forms to remote code execution, web shell installation, data theft, and full website compromise on affected Joomla sites.
Show sources
- CISA warns of actively exploited RCE flaws in Joomla extensions — www.bleepingcomputer.com — 13.07.2026 18:20
- CISA warns of actively exploited RCE flaws in Joomla extensions — www.bleepingcomputer.com — 13.07.2026 18:20