CVE-2026-57828
Severity CVSS v4.0:
CRITICAL
Type:
CWE-434
Unrestricted Upload of File with Dangerous Type
Publication date:
11/07/2026
Last modified:
11/07/2026
Description
The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE.
Impact
Base Score 4.0
9.00
Severity 4.0
CRITICAL



