CVE-2026-56291
Severity CVSS v4.0:
CRITICAL
Type:
CWE-434
Unrestricted Upload of File with Dangerous Type
Publication date:
09/07/2026
Last modified:
09/07/2026
Description
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.



