BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

CISA adds two critical Joomla extension flaws to KEV list

CISA adds two critical Joomla flaws to KEV after zero-day attacks enabling remote code execution

  • U.S. CISA added two maximum-severity Joomla extension flaws to its Known Exploited Vulnerabilities (KEV) catalog after zero-day attacks in the wild.
  • Both vulnerabilities—CVE-2026-48939 in iCagenda and CVE-2026-56291 in Balbooa Forms—allow unauthenticated file upload leading to remote code execution.
  • Exploitation of the iCagenda flaw began as early as June 15, 2026, and the Balbooa flaw was discovered by mySites.guru on July 8 following a live attack on a customer.
  • Patches are available for both extensions; Federal agencies must apply fixes by July 13, 2026.
  • The Australian Cyber Security Centre (ACSC) also warned of a global campaign targeting vulnerable CMS systems and plugins.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two maximum-severity security flaws affecting iCagenda and Balbooa extensions for Joomla to its KEV catalog following reports of zero-day exploitation in the wild. Both vulnerabilities, rated 10.0 on the CVSS scoring system, allow arbitrary file upload leading to remote code execution.

- Advertisement -

According to mySites.guru, CVE-2026-48939 in iCagenda has been exploited as a zero-day since June 15, 2026, in automated attacks targeting Joomla sites with the extension installed. The flaw resides in the “Submit an Event” form, where attackers can upload malicious PHP files.

“We first saw it in a client’s access log: an automated scanner identifying itself as ‘icagenda-batch/1.0’ grabbed a token, posted a malicious upload to the submit endpoint, then fetched the planted shell,” mySites.guru said. The iCagenda vulnerability affects versions 4.x up to 4.0.7 and legacy 3.x from 3.2.1 to 3.9.14.

Patches have been released in iCagenda versions 4.0.8 and 3.9.15, and site owners are advised to remove suspicious PHP files from the attachments folder. Meanwhile, CVE-2026-56291 in Balbooa Forms affects versions up to 2.4.0 and has been patched in version 2.4.1.

“Up to and including version 2.4.0, its frontend attachment upload had a serious flaw: it accepted a file from any anonymous visitor, with no login, no CSRF token, and no check on the file type,” mySites.guru said. The vulnerability was discovered on July 8, 2026, after a live attack on a customer.

- Advertisement -

In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies must implement fixes by July 13, 2026. Additionally, the Australian Cyber Security Centre (ACSC) warned of a global campaign targeting vulnerable CMS software and plugins. “This highly scaled global exploitation campaign demonstrates the rapidly evolving cyber risk facing organisations,” ACSC said, adding that advances in AI are accelerating the speed and scale of cyber operations.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Binance futures hit 2026 high as spot market lags

Binance recorded $1.6 trillion in futures trading volume in June, its highest level of...

Russia, India push de-dollarization to hit $100 billion trade target

Russia and India are accelerating a bilateral trade deal to reach a $100 billion...

AI freelancers could drive $262B in stablecoin payments by 2033

Swyftx projects that $262 billion of the AI-native gig economy's payment volume could be...

LINE NEXT launches global stablecoin platform Unifi

LINE NEXT has launched Unifi, a non-custodial stablecoin platform, now available globally as it...

Saylor’s ‘Orange Dots’ Signal Fails to Clarify Bitcoin Strategy

Strategy founder Michael Saylor posted a cryptic signal on Sunday, prompting analysts to call...

Must Read

What Is the Dencun Upgrade for Ethereum?

The Dencun Upgrade for Ethereum is poised to revolutionize the blockchain landscape, offering improved scalability, efficiency, and groundbreaking features. Set to launch at the...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading