Organizations using Joomla extensions are on high alert due to severe vulnerabilities that have been actively exploited by malicious actors. These security flaws in Balbooa Forms and iCagenda allow unauthorized users to perform remote code execution (RCE) attacks.
Details of the Balbooa Forms Vulnerability
The vulnerability in Balbooa Forms, identified as CVE-2026-56291, scores 10 on the CVSS scale, indicating its critical nature. This flaw involves an unauthenticated arbitrary file upload issue, affecting the frontend attachment upload endpoint of the extension.
Although version 2.4.1 of Balbooa Forms was released on July 9 to address this issue, attackers were already taking advantage of the vulnerability before the patch was available, marking it as a zero-day exploit. It is crucial for all sites using version 2.4.0 or earlier to update immediately to mitigate potential security breaches.
iCagenda Extension Under Threat
In a similar vein, the iCagenda extension was discovered in June to have a comparable vulnerability, tracked as CVE-2026-48939, which also allows arbitrary file uploads. This flaw enables attackers to insert PHP code into a compromised system, resulting in RCE without the need for authentication.
JoomliC, the developer behind iCagenda, observed this vulnerability being exploited as a zero-day on June 15. Promptly, they released patches in versions 4.0.8 and 3.9.15 to counteract the threat.
Urgent Patch Recommendations from CISA
On July 10, these Joomla extension vulnerabilities were added to the Known Exploited Vulnerabilities (KEV) catalog by the US Cybersecurity and Infrastructure Security Agency (CISA). Federal agencies have been instructed to apply patches within a three-day timeframe, following the BOD 26-04 directive.
While this directive is specific to federal entities, it serves as a strong recommendation for all organizations to promptly review and patch vulnerabilities listed by CISA to safeguard their systems effectively.
In conclusion, with the rise of cyber threats exploiting these vulnerabilities, it is imperative that organizations take immediate action to update their Joomla extensions and review security protocols to prevent unauthorized access and potential damage.
