macc /
EN FR
Book a meeting
← Back to console
Critical CCB · Belgium CVE-2026-56290

Critical unauthenticated arbitrary file upload vulnerability CVE-2026…

Published

Description

This weakness allows attackers to conduct the following: Delivery - The attacker sends a crafted HTTP(S) request to a vulnerable Joomla instance running the Page Builder CK extension and uploads a malicious file through the extension's exposed upload functionality. 2. Unauthorized Arbitrary File Upload - Due to improper access control, the Page Builder CK extension fails to enforce authentication and authorization checks on the file upload functionality. As a result, unauthenticated attackers can upload arbitrary files, including executable scripts, to the server. 3. Execute / Post-Compromise - After successfully uploading a malicious executable file, the attacker can access and execute the uploaded file on the server, resulting in remote code execution with the privileges of the web serve