CISA Adds Actively Exploited iCagenda and Balbooa Forms Vulnerabilities to KEV Catalog

Views: 108 views

381/69 Monday, July 13, 2026

CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after finding evidence that they have been actively exploited in attacks. The vulnerabilities are CVE-2026-48939 in iCagenda and CVE-2026-56291 in Balbooa Forms, both of which are Joomla extensions and could allow attackers to upload malicious files to affected websites.

Reports indicate that CVE-2026-48939 is a vulnerability in iCagenda related to file uploads in the attachment feature, which could allow attackers to upload PHP files and lead to code execution on the server. Meanwhile, CVE-2026-56291 is a vulnerability in Balbooa Forms that allows unauthenticated attackers to upload malicious files and could lead to remote code execution on unpatched websites.

Website administrators using Joomla should check whether iCagenda or Balbooa Forms is installed in their environment. They should update iCagenda to version 3.9.15 or 4.0.8, or later, and monitor Balbooa Forms security advisories to apply patches immediately once they are released. Administrators should also inspect upload directories for PHP files or unusual files, check for web shells, unauthorized administrator accounts, and abnormal access logs. If signs of compromise are found, the affected system should be isolated from the network, website file integrity should be reviewed, and all related passwords or credentials should be changed.

Source: https://securityaffairs.com/195164/security/u-s-cisa-adds-icagenda-and-balbooa-forms-flaws-to-its-known-exploited-vulnerabilities-catalog.html