CVE Details

CVE-2026-56291 Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability
Published: 2026-07-10 CVSS: 10 CRITICAL Product: Balbooa Forms Due Date: 2026-07-13

Balbooa Forms contains an unrestricted upload of file with dangerous type vulnerability that allows an unauthenticated arbitrary file upload which could allow uploading of executable files leading to full RCE.

GitHub PoC

Warning: GitHub PoC repositories are unverified. Some may be fake or contain malware. Use caution and review code before running anything.

No GitHub PoC data.

FIRST EPSS

EPSS estimates the probability of exploitation in the next 30 days. Higher values indicate higher likelihood of real-world exploitation.

No EPSS data.

Timeline

CVE Stalker KEV MITRE GitHub FIRST (EPSS)

MITRE

CVSS

  • Score: 10
  • Severity: CRITICAL
  • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red

SSVC

  • Exploitation: none
  • Automatable: yes
  • Technical Impact: total

References

Show Raw Data
Key Remaining Key Value
dataType CVE_RECORD
dataVersion 5.2
cveMetadata > cveId CVE-2026-56291
cveMetadata > assignerOrgId 6ff30186-7fb7-4ad9-be33-533e7b05e586
cveMetadata > state PUBLISHED
cveMetadata > assignerShortName Joomla
cveMetadata > dateReserved 2026-06-20T11:57:32.752Z
cveMetadata > datePublished 2026-07-09T09:53:57.886Z
cveMetadata > dateUpdated 2026-07-09T14:03:35.563Z
containers > cna > affected > 0 > defaultStatus unaffected
containers > cna > affected > 0 > product balbooa.com Balbooa Forms extension for Joomla
containers > cna > affected > 0 > vendor balbooa.com
containers > cna > affected > 0 > versions > 0 > status affected
containers > cna > affected > 0 > versions > 0 > version 1.0-2.4.0
containers > cna > credits > 0 > lang en
containers > cna > credits > 0 > type finder
containers > cna > credits > 0 > value Phil Taylor
containers > cna > descriptions > 0 > lang en
containers > cna > descriptions > 0 > supportingMedia > 0 > base64 False
containers > cna > descriptions > 0 > supportingMedia > 0 > type text/html
containers > cna > descriptions > 0 > supportingMedia > 0 > value The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
containers > cna > descriptions > 0 > value The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
containers > cna > impacts > 0 > capecId CAPEC-242
containers > cna > impacts > 0 > descriptions > 0 > lang en
containers > cna > impacts > 0 > descriptions > 0 > value CAPEC-242: Code Injection
containers > cna > metrics > 0 > cvssV4_0 > Automatable YES
containers > cna > metrics > 0 > cvssV4_0 > Recovery NOT_DEFINED
containers > cna > metrics > 0 > cvssV4_0 > Safety NOT_DEFINED
containers > cna > metrics > 0 > cvssV4_0 > attackComplexity LOW
containers > cna > metrics > 0 > cvssV4_0 > attackRequirements NONE
containers > cna > metrics > 0 > cvssV4_0 > attackVector NETWORK
containers > cna > metrics > 0 > cvssV4_0 > baseScore 10
containers > cna > metrics > 0 > cvssV4_0 > baseSeverity CRITICAL
containers > cna > metrics > 0 > cvssV4_0 > exploitMaturity ATTACKED
containers > cna > metrics > 0 > cvssV4_0 > privilegesRequired NONE
containers > cna > metrics > 0 > cvssV4_0 > providerUrgency RED
containers > cna > metrics > 0 > cvssV4_0 > subAvailabilityImpact HIGH
containers > cna > metrics > 0 > cvssV4_0 > subConfidentialityImpact HIGH
containers > cna > metrics > 0 > cvssV4_0 > subIntegrityImpact HIGH
containers > cna > metrics > 0 > cvssV4_0 > userInteraction NONE
containers > cna > metrics > 0 > cvssV4_0 > valueDensity NOT_DEFINED
containers > cna > metrics > 0 > cvssV4_0 > vectorString CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red
containers > cna > metrics > 0 > cvssV4_0 > version 4.0
containers > cna > metrics > 0 > cvssV4_0 > vulnAvailabilityImpact HIGH
containers > cna > metrics > 0 > cvssV4_0 > vulnConfidentialityImpact HIGH
containers > cna > metrics > 0 > cvssV4_0 > vulnIntegrityImpact HIGH
containers > cna > metrics > 0 > cvssV4_0 > vulnerabilityResponseEffort NOT_DEFINED
containers > cna > metrics > 0 > format CVSS
containers > cna > metrics > 0 > scenarios > 0 > lang en
containers > cna > metrics > 0 > scenarios > 0 > value GENERAL
containers > cna > problemTypes > 0 > descriptions > 0 > cweId CWE-434
containers > cna > problemTypes > 0 > descriptions > 0 > description CWE-434: Unrestricted Upload of File with Dangerous Type
containers > cna > problemTypes > 0 > descriptions > 0 > lang en
containers > cna > problemTypes > 0 > descriptions > 0 > type CWE
containers > cna > providerMetadata > orgId 6ff30186-7fb7-4ad9-be33-533e7b05e586
containers > cna > providerMetadata > shortName Joomla
containers > cna > providerMetadata > dateUpdated 2026-07-09T14:03:35.563Z
containers > cna > references > 0 > tags > 0 product
containers > cna > references > 0 > url https://www.balbooa.com/joomla-forms
containers > cna > references > 1 > tags > 0 third-party-advisory
containers > cna > references > 1 > url https://mysites.guru/blog/balbooa-forms-unauthenticated-file-upload-flaw/
containers > cna > source > discovery UNKNOWN
containers > cna > title Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1
containers > cna > x_generator > engine Vulnogram 0.1.0-dev
containers > adp > 0 > metrics > 0 > other > type ssvc
containers > adp > 0 > metrics > 0 > other > content > timestamp 2026-07-09T13:48:48.403173Z
containers > adp > 0 > metrics > 0 > other > content > id CVE-2026-56291
containers > adp > 0 > metrics > 0 > other > content > options > 0 > Exploitation none
containers > adp > 0 > metrics > 0 > other > content > options > 1 > Automatable yes
containers > adp > 0 > metrics > 0 > other > content > options > 2 > Technical Impact total
containers > adp > 0 > metrics > 0 > other > content > role CISA Coordinator
containers > adp > 0 > metrics > 0 > other > content > version 2.0.3
containers > adp > 0 > title CISA ADP Vulnrichment
containers > adp > 0 > providerMetadata > orgId 134c704f-9b21-4f2e-91b3-4a467353bcc0
containers > adp > 0 > providerMetadata > shortName CISA-ADP
containers > adp > 0 > providerMetadata > dateUpdated 2026-07-09T13:48:53.656Z