CVE-2026-57828

Severity CVSS v4.0:
CRITICAL
Type:
CWE-434 Unrestricted Upload of File with Dangerous Type
Publication date:
11/07/2026
Last modified:
11/07/2026

Description

The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE.