Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA KEV directive for Joomla extension flaws

Public Sector Action
First reported
Last updated
Happening score
H score 36
1 unique sources, 1 articles

Summary

Hide ▲

CISA added the Joomla extension flaws to the KEV catalog and ordered federal agencies to apply updates or mitigations within three days, tightening remediation timelines for systems exposed to CVE-2026-48939 and CVE-2026-56291.

Related Happenings

Joomla iCagenda and Balbooa Forms active RCE exploitation wave

Exploitation Wave
H score42 First: 13.07.2026 18:20 Last: 13.07.2026 18:20 Sources 1

How related: According to website management and security platform mySites.guru, both flaws were exploited in automated attacks before vendors released a patch.

About this happening: **Joomla** sites were hit by an **active exploitation wave** against **iCagenda** and **Balbooa Forms** upload flaws, enabling **remote code execution** and full website takeover....

Joomla extensions arbitrary file upload (multiple vulnerabilities, actively exploited)

Vulnerability
H score59 First: 13.07.2026 08:36 Last: 13.07.2026 08:36 Sources 1

How related: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that attackers are exploiting vulnerabilities in the iCagenda and Balbooa Forms extensions for Joomla to achieve remote code execution through arbitrary file uploads.

About this happening: **CISA** added **CVE-2026-48939** and **CVE-2026-56291** to the **KEV catalog**, confirming **zero-day exploitation** of two **Joomla** extension flaws that allow arbitrary file u...

JCE Pro 2.9.99.6 patch for CVE-2026-48907

Security Patch Release
H score46 First: 17.06.2026 13:09 Last: 17.06.2026 13:09 Sources 1

About this happening: **JCE security team** released **JCE Pro 2.9.99.6** in **early June 2026** to fix **CVE-2026-48907** in the **Widget Factory Joomla Content Editor (JCE) plugin**. The update addre...

CISA KEV remediation order for CVE-2026-48907

Public Sector Action
H score89 First: 17.06.2026 08:50 Last: 17.06.2026 08:50 Sources 1

About this happening: CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...

Widget Factory Joomla Content Editor JCE actively exploited improper access control security flaw (CVE-2026-48907)

Vulnerability
H score89 First: 17.06.2026 08:50 Last: 17.06.2026 08:50 Sources 1

About this happening: The **Widget Factory Joomla Content Editor (JCE)** flaw **CVE-2026-48907** has been added to **CISA's KEV catalog** after evidence of **active exploitation**, putting affected Joo...

Timeline

  1. 13.07.2026 18:20 1 articles · 8h ago

    Balbooa Forms zero-day exploitation enables Joomla website takeover

    Exploitation Observed

    Balbooa Forms for Joomla was exploited as a zero-day through arbitrary file upload abuse, with attacks observed since July 8, 2026 before the vendor released version 2.4.1 on July 9. The flaw allowed dangerous files, including executable files, to be uploaded and could lead to remote code execution and full website takeover on affected Joomla sites.

    Show sources
  2. 13.07.2026 18:20 2 articles · 8h ago

    CISA orders federal agencies to remediate actively exploited Joomla extension flaws

    Legal Policy Action Update

    CISA classified CVE-2026-48939 and CVE-2026-56291 as maximum priority KEV entries and ordered federal agencies using Joomla extensions to apply available security updates and/or mitigations within three days, with the deadline set for July 13, 2026. The warning tied the arbitrary file upload flaws in iCagenda and Balbooa Forms to remote code execution, web shell installation, data theft, and full website compromise on affected Joomla sites.

    Show sources