CISA adds two Joomla extension flaws to known exploited vulnerabilities catalog

CISA added iCagenda and Balbooa Forms Joomla extension flaws to its KEV catalog, citing active exploitation and remote code execution risks.

CSBadmin
1 Min Read

The U.S. Cybersecurity and Infrastructure Security Agency added two vulnerabilities affecting popular Joomla extensions to its Known Exploited Vulnerabilities catalog on July 12, 2026. The flaws impact iCagenda, an event management component, and Balbooa Forms, a form builder plugin widely used on Joomla-powered websites.

The iCagenda vulnerability allows unauthenticated attackers to execute arbitrary PHP code through improper input sanitization in event registration handlers. Balbooa Forms similarly enables remote code execution by bypassing file upload restrictions. Both extensions are maintained by third-party developers outside core Joomla.

CISA’s KEV catalog inclusion means federal civilian executive branch agencies must remediate these flaws by the binding operational directive deadline. Exploitation in the wild has been confirmed. Joomla site operators should update iCagenda and Balbooa Forms to patched versions immediately and review server logs for signs of compromise.

CSBadmin

The latest in cybersecurity news and updates.

Share This Article
Follow:
The latest in cybersecurity news and updates.