Home / Jul 14, 2026 / Story
0
#4 The Hacker News general July 13, 2026 at 05:36 UTC

iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days

By [email protected] (The Hacker News)

AI Summary

CISA added two CVSS 10.0 vulnerabilities — CVE-2026-48939 (iCagenda) and a matching flaw in Balbooa Forms — to its KEV catalog after reports of zero-day exploitation in the wild, both enabling remote code execution via arbitrary file upload in Joomla extensions. Organizations running Joomla with these extensions should patch immediately, as active exploitation is confirmed.

Relevance score: 84.0/100

# More from July 14