The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
History

Wed, 01 Jul 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Joomlack
Joomlack page Builder Ck Extension For Joomla
Vendors & Products Joomlack
Joomlack page Builder Ck Extension For Joomla

Tue, 30 Jun 2026 17:30:00 +0000


Mon, 29 Jun 2026 17:30:00 +0000


Mon, 29 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 29 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Description The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
Title Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0
Weaknesses CWE-284
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Joomla

Published: 2026-06-29T14:31:37.952Z

Updated: 2026-07-01T03:55:55.662Z

Reserved: 2026-06-20T11:57:32.752Z

Link: CVE-2026-56290

cve-icon Vulnrichment

Updated: 2026-06-29T15:12:24.172Z

cve-icon NVD

No data.

cve-icon Redhat

No data.