CISA Warns of Actively Exploited Critical Joomla Extension Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency has added two critical Joomla extension vulnerabilities, CVE-2026-48939 in iCagenda and CVE-2026-56291 in Balbooa Forms, to its Known Exploited Vulnerabilities catalog following reports of zero-day attacks. Both flaws allow unauthenticated attackers to upload malicious PHP files, leading to remote code execution on vulnerable Joomla websites, with security researchers observing automated exploitation before patches became available. Updated versions have been released to address the vulnerabilities, and administrators are advised to inspect upload directories, remove unauthorized PHP files, and review systems for signs of compromise. Separately, Australia’s Australian Cyber Security Centre warned of a broader global campaign targeting vulnerabilities across multiple content management systems and plugins to deploy web shells and gain persistent access to web servers.
Reference: thehackernews.com