GHSA-28f5-j5p5-xmmw · Severity: critical — The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that...
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
Conclusion & alert: CVE-2026-56291 is rated Critical Active Threat (85/100): CVSS Critical severity, with medium exploitation likelihood (EPSS 0.84%). Core evidence: CISA KEV confirms active exploitation (added 2026-07-10) affecting Balbooa / Forms. a weakness (CWE-434) Unauthenticated remote administrative access may be possible. Mandatory action: The CISA remediation deadline has passed—treat as an emergency patch priority.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
: Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability · CISA KEV detail
: 2026-07-10
: 2026-07-13
: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
| — | nvd_ref | exploit_tag | Exploit-DB ↗ |
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-07-11 | 0.28% | 0.84% | +0.56% |
| 2 | 2026-07-10 | — | 0.28% | — |
Full EPSS history (2 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 10.0 | 4.0 | CRITICAL |
|
— | — | [email protected] |
| 9.8 | 3.1 | CRITICAL |
|
3.9 | 5.9 | [email protected] |
GHSA-28f5-j5p5-xmmw · Severity: critical — The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that...
| URL | Tags |
|---|---|
| https://mysites.guru/blog/balbooa-forms-unauthenticated-file-upload-flaw/ | Exploit Third Party Advisory |
| https://www.balbooa.com/joomla-forms | Product |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-56291 | US Government Resource |