#4
The Hacker News
general
July 13, 2026 at 05:36 UTC
iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days
By [email protected] (The Hacker News)
AI Summary
CISA added two CVSS 10.0 vulnerabilities — CVE-2026-48939 (iCagenda) and a matching flaw in Balbooa Forms — to its KEV catalog after reports of zero-day exploitation in the wild, both enabling remote code execution via arbitrary file upload in Joomla extensions. Organizations running Joomla with these extensions should patch immediately, as active exploitation is confirmed.
Relevance score: 84.0/100
Sponsored
Protect Your Business
Expert cybersecurity solutions to safeguard your organization from evolving threats.
Get Protected →