{"vulnerability": "CVE-2026-56291", "sightings": [{"uuid": "97f961ca-8449-4e8a-b840-03e61b27a54b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-56291", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116889906648087046", "content": "CVE-2026-56291 | CRITICAL: Balbooa Forms for Joomla (v1.0 \u2013 2.4.0) allows unauthenticated RCE via arbitrary file upload (CWE-434). No patch yet. Disable or restrict access until fixed. https://radar.offseq.com/threat/cve-2026-56291-cwe-434-unrestricted-upload-of-file-aa89baa3213ad239 #OffSeq #Joomla #RCE #Vuln", "creation_timestamp": "2026-07-09T12:00:30.367028Z"}, {"uuid": "596be121-8685-40e9-802b-8ecb5f64837f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-56291", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mq7ljhukn42i", "content": "CRITICAL: Balbooa Forms for Joomla (1.0 \u2013 2.4.0) lets unauthenticated attackers upload and run files, enabling full RCE. No patch out. Restrict or disable use now. https://radar.offseq.com/threat/cve-2026-56291-cwe-434-unrestricted-upload-of-file-aa89baa3213ad239 #OffSeq #Joomla #Security", "creation_timestamp": "2026-07-09T12:00:31.415727Z"}, {"uuid": "3ce5e181-ab04-4604-94f8-bfa1df6b5e7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq7lnwtosi2x", "content": "CVE-2026-56291 - Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension\nCVE ID : CVE-2026-56291\n \n Published : July 9, 2026, 11:16 a.m. | 32\u00a0minutes ago\n \n Description : The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arb...", "creation_timestamp": "2026-07-09T12:03:01.091980Z"}, {"uuid": "006e5266-04a2-4f05-8d60-22113691a7e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://infosec.exchange/users/AAKL/statuses/116896829543133479", "content": "CISA has added two vulnerabilities to the KEV catalogue.\n-  CVE-2026-48939: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-48939\n-  CVE-2026-56291: Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-56291 #CISA #infosec #vulnerability", "creation_timestamp": "2026-07-10T17:21:04.803099Z"}, {"uuid": "92e2ef8f-d2e2-4918-bf2c-700fc0fc3b85", "vulnerability_lookup_origin": "405284c2-e461-4670-8979-7fd2c9755a60", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/2441e572-031d-4f21-a37b-f97ea742bf70", "content": "", "creation_timestamp": "2026-07-10T18:00:02.597504Z"}, {"uuid": "432d1805-bc35-4faa-90ea-ad5d011cfcd9", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/7f8175a4-d002-4926-ad93-9c4b5f79efc9", "content": "", "creation_timestamp": "2026-07-10T18:00:24.652822Z"}, {"uuid": "e9093ec0-6b07-499f-8210-ea42aaa0e23a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://bsky.app/profile/cvesentinel.bsky.social/post/3mqcr4thq7p2j", "content": "\ud83d\uded1 CVE-2026-56291\nBalbooa Forms\nCVSS 10.0 / EPSS 0% / KEV \u2705\nTL;DR: The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload t\u2026\nhttps://cvesentinel.com/report/CVE-2026-56291?utm_source=bluesky&amp;utm_medium=social&amp;utm_campaign=cvesentinel\n#infosec #CVE #vulnerability", "creation_timestamp": "2026-07-10T18:18:48.716003Z"}, {"uuid": "d8a4ab19-c0a6-4b4c-94a8-0bff151baf53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/6961010", "content": "2026-07-10: [CVE-2026-56291] Balbooa Forms Unrestricted Upload of File with Dangerous Type VulnerabilityBalbooa Forms contains an unrestricted upload of file with dangerous type vulnerability that allows an unauthenticated arbitrary file upload which could allow uploading of executable files leading to full RCE.\ncisakev", "creation_timestamp": "2026-07-10T21:00:34.038500Z"}, {"uuid": "79017480-3fda-42e1-9ed6-48d6d54a490a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mqdlc7ntu62d", "content": "\ud83d\udccc CVE-2026-56291 - The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full ... https://www.cyberhub.blog/cves/CVE-2026-56291", "creation_timestamp": "2026-07-11T02:07:06.837562Z"}, {"uuid": "c5e2e593-7508-4973-bffa-30b0a4562194", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-56291", "type": "seen", "source": "https://bsky.app/profile/yazoul-alerts.bsky.social/post/3mqebrjho4z2k", "content": "A perfect 10. That's the CVSS score for this one.\n\nCVE-2026-56291.\n\nhttps://www.yazoul.net/advisory/cve/cve-2026-56291-balbooa-forms-unauthenticated-rce-exploited/\n\n#CyberSecurity #PatchNow", "creation_timestamp": "2026-07-11T08:49:23.026355Z"}, {"uuid": "35b06be8-e127-4ed8-825d-8b96051085b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://bsky.app/profile/vulnsea.com/post/3mqfjy535kc2p", "content": "\ud83c\udf11 HADAL \u00b7 actively exploited critical\nCVE-2026-56291: The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading exec\u2026\nCVSS 9.8 \u00b7 EPSS 0.8% \u00b7 CISA KEV \u00b7 0day\nhttps://beta.vulnsea.com/cve/CVE-2026-56291\n\n#CVE #infosec #cybersecurity #threatintel", "creation_timestamp": "2026-07-11T20:48:54.092666Z"}, {"uuid": "5cf009e2-084b-424b-929b-9d0a7484e8db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-56291", "type": "seen", "source": "https://bsky.app/profile/yazoul-alerts.bsky.social/post/3mqgt2iclle2z", "content": "\u26a0\ufe0f A perfect 10.0 CVSS score. That's not a typo.\n\nCVE-2026-56291.\n\nhttps://www.yazoul.net/advisory/cve/cve-2026-56291-balbooa-forms-unauthenticated-rce-exploited/\n\n#InfoSec #DataBreach", "creation_timestamp": "2026-07-12T09:03:56.463983Z"}, {"uuid": "0794fe45-caa6-415a-b5e8-09d6c7f0ffa4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116907369274600216", "content": "\ud83d\udcf0 CISA Adds Two Actively Exploited Joomla Plugin Flaws to KEV Catalog\n\ud83d\udce2 CISA KEV UPDATE: Two Joomla plugin vulnerabilities are now listed as actively exploited. CVE-2026-48939 (iCagenda) &amp; CVE-2026-56291 (Balbooa Forms) allow file uploads and server takeover. Patch immediately! #CISA #KEV #Joomla #Vulnerability\n\ud83c\udf10 cyber[.]netsecops[.]io\n\ud83d\udd17 https://cyber.netsecops.io/articles/cisa-adds-joomla-icagenda-balbooa-flaws-to-kev-catalog/?utm_source=mastodon&amp;utm_medium=social&amp;utm_campaign=daily", "creation_timestamp": "2026-07-12T14:01:28.665080Z"}, {"uuid": "a14a455c-2bb7-4a3c-b8fd-4e7115d97493", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mqhdpsawu725", "content": "\ud83d\udce2 CISA KEV UPDATE: Two Joomla plugin vulnerabilities are now listed as actively exploited. CVE-2026-48939 (iCagenda) &amp; CVE-2026-56291 (Balbooa Forms) allow file uploads and server takeover. Patch immediately! #CISA #KEV #Joomla #Vulnerability\n\n\ud83c\udf10 cyber[.]netsecops[.]io", "creation_timestamp": "2026-07-12T14:02:12.095025Z"}, {"uuid": "42c02467-9f05-489e-a079-d47cce188268", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqjfhzysx72c", "content": "CVE-2026-56291: Joomla Extensions Expose Organizations to Critical Risk #CVE202656291 #Joomla #CyberSecurity", "creation_timestamp": "2026-07-13T09:38:58.248040Z"}, {"uuid": "c38cfd8d-b545-415e-abec-b6a7e7cff668", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3mqir6myhs62o", "content": "The latest update for #CyCognito includes \"Emerging Threat: (CVE-2026-56291) Balbooa Forms Remote Code Execution via Unauthenticated File Upload\".\n\n#cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X", "creation_timestamp": "2026-07-13T03:35:47.664162Z"}, {"uuid": "454ed6ed-c205-4ff6-9fba-194a6c809847", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://bsky.app/profile/newssecia.bsky.social/post/3mqj5wg6v462s", "content": "\ud83e\udd16 CVE-2026-48939 &amp; CVE-2026-56291 (CVSS 10.0): Two Joomla extensions exploited as zero-days in the wild. Unauthenticated RCE via file upload. CISA KEV added.\nhttps://thehackernews.com/2026/07/icagenda-and-balbooa-forms-joomla-flaws.html", "creation_timestamp": "2026-07-13T07:23:50.791754Z"}, {"uuid": "e76cacb3-e0b6-4ec9-9a4d-e982a5d34083", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqjfhuju4x2f", "content": "CVE-2026-56291: Exploitation of Joomla Extensions is an Immediate Risk #CVE2026 #JoomlaSecurity #CyberSecurity", "creation_timestamp": "2026-07-13T09:38:52.557665Z"}, {"uuid": "6caa5a22-fcb4-4b05-b316-d7edd33ccf45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqjfhw4p3627", "content": "CVE-2026-56291 and CVE-2026-48939: Joomla Extensions Expose Unpatched Risk #Joomla #Cybersecurity #Vulnerability", "creation_timestamp": "2026-07-13T09:38:54.144523Z"}, {"uuid": "b5ed8d75-a146-4782-95a0-96491d246d62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqjfhxw7if2k", "content": "CVE-2026-56291 and CVE-2026-48939: Joomla Extensions Expose Untracked Risks #CyberSecurity #Vulnerabilities #Joomla", "creation_timestamp": "2026-07-13T09:38:56.454019Z"}, {"uuid": "ef73c266-e367-4cdb-aa46-ab92b208fa44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqjfi57zv32j", "content": "CVE-2026-56291: Joomla Extensions Vulnerabilities Don't Justify Alarmist Hype #CyberSecurity #Joomla #Vulnerabilities", "creation_timestamp": "2026-07-13T09:39:01.867290Z"}, {"uuid": "d7402c10-1fc9-4e3a-a416-8d35667f7021", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqjfm3n2vp2f", "content": "CVE-2026-56291 and CVE-2026-48939: Urgency or Overreaction in Joomla's Security Response? #Joomla #CyberSecurity #VulnerabilityManagement", "creation_timestamp": "2026-07-13T09:41:14.678841Z"}]}