Joomla
Joomla Content Editor
2026-06-17
Description
An improper access control vulnerability in the Widget Factory Joomla Content Editor allows unauthorized users to perform restricted actions.
Remediation
FEDERAL DEADLINE: June 18, 2026 (2 days). Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA KEV Details
Deadline: June 18, 2026
Required Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
---METADATA---
VENDOR: JoomlaCK.fr
PRODUCT: Page Builder CK
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
The Page Builder CK extension for Joomla is vulnerable to an unauthenticated arbitrary file upload, enabling attackers to execute malicious code on the server.
Executive Summary:
An unauthenticated arbitrary file upload vulnerability in the Page Builder CK extension for Joomla poses a critical risk of full remote code execution.
Vulnerability Details
CVE-ID: CVE-2026-56290
Affected Software: JoomlaCK.fr Page Builder CK
Affected Versions: See vendor advisory
Vulnerability: The extension fails to properly validate file uploads, allowing an unauthenticated attacker to upload executable files to the server. This leads to full remote code execution (RCE) with the privileges of the web server user.
Business Impact
With a CVSS score of 10.0, this vulnerability represents the highest level of risk, as it allows complete compromise of the affected Joomla instance. Successful exploitation can lead to total loss of confidentiality, integrity, and availability, including unauthorized access to the underlying database and potential pivot points into the broader network.
Remediation Plan
Immediate Action: Update the Page Builder CK extension to the latest available version provided by the vendor immediately.
Proactive Monitoring: Inspect the web server's upload directories for unauthorized files and monitor for suspicious outbound network traffic originating from the web server.
Compensating Controls: Implement a Web Application Firewall (WAF) rule to block unauthorized file uploads and restrict access to administrative or sensitive upload-handling endpoints.
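The inspection step in the Proactive Monitoring item can be scripted. The following is an added example, not code from the Page Builder CK extension, its vendor, or this advisory: it walks an upload tree (the path is supplied by the caller) and flags files that do not belong in a media directory, using an allowlist of extensions, a list of server-side executable extensions, a check for PHP open tags inside files that claim to be images or documents, and a check for server configuration files dropped into the tree. The allowlist, the executable-extension list, and the constructed sample files in the demo are assumptions to be tuned to the site being audited.

```python
"""
Audit a web upload directory for files that should not be there.

Added example, not code from the Page Builder CK project or the advisory.
Assumptions: the upload tree legitimately holds only media/document files;
the root path is supplied by the caller; the sample tree is constructed.
"""
from __future__ import annotations

import os
import re
import tempfile
from dataclasses import dataclass

# Extensions a content-editor upload directory legitimately holds (assumption).
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".webp", ".svg", ".pdf", ".mp4", ".zip"}

# Server-side executable extensions that should never appear in an upload tree.
EXECUTABLE_EXTENSIONS = {".php", ".phtml", ".php3", ".php4", ".php5", ".php7",
                         ".phar", ".inc", ".cgi", ".pl", ".py", ".sh"}

# Files that change how the web server treats the directory they sit in.
SERVER_CONFIG_FILES = {".htaccess", ".user.ini", "web.config"}

# A PHP open tag inside a "media" file means the extension is lying.
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def classify(path: str, head: bytes) -> list[str]:
    """Return the reasons one file is suspicious (empty list if it looks clean)."""
    reasons: list[str] = []
    name = os.path.basename(path).lower()
    # Every extension component, so avatar.jpg.php yields [".jpg", ".php"].
    exts = ["." + part for part in name.split(".")[1:]]

    if name in SERVER_CONFIG_FILES:
        reasons.append("server config file in upload tree")
    elif not exts:
        reasons.append("no file extension")
    else:
        executable = [e for e in exts if e in EXECUTABLE_EXTENSIONS]
        if executable:
            # Any executable component is flagged: some servers honour
            # multiple extensions, so the last one alone is not decisive.
            reasons.append("executable extension component " + ",".join(executable))
        elif exts[-1] not in ALLOWED_EXTENSIONS:
            reasons.append(f"extension {exts[-1]} not in allowlist")
    if PHP_TAG.search(head):
        reasons.append("PHP open tag in content")
    return reasons


def audit_upload_dir(root: str, head_bytes: int = 4096) -> list[Finding]:
    """Walk the tree and collect one Finding per (file, reason)."""
    findings: list[Finding] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for fname in sorted(filenames):
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(head_bytes)  # only the prefix is inspected
            except OSError as exc:
                findings.append(Finding(path, f"unreadable: {exc}"))
                continue
            for reason in classify(path, head):
                findings.append(Finding(path, reason))
    return findings


def summarize(root: str, findings: list[Finding]) -> dict[str, list[str]]:
    """Group reasons by path relative to root (forward slashes) for reporting."""
    grouped: dict[str, list[str]] = {}
    for finding in findings:
        rel = os.path.relpath(finding.path, root).replace(os.sep, "/")
        grouped.setdefault(rel, []).append(finding.reason)
    return grouped


def build_sample_tree() -> str:
    """Create a constructed upload tree mixing clean and suspicious files."""
    root = tempfile.mkdtemp(prefix="upload_audit_")
    samples = {
        "images/logo.png": b"\x89PNG\r\n\x1a\n constructed image bytes",
        "docs/brochure.pdf": b"%PDF-1.4 constructed document bytes",
        "images/avatar.jpg.php": b"<?php echo 1; ?>",          # double extension
        "images/photo.png": b"\x89PNG<?php echo 1; ?>",        # PHP hidden in an image
        "images/.htaccess": b"Options +Indexes\n",             # config file in tree
        "images/notes.txt": b"hello",                          # not on the allowlist
    }
    for rel, content in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for rel, reasons in sorted(summarize(sample_root, audit_upload_dir(sample_root)).items()):
        print(f"{rel}: {'; '.join(reasons)}")
```

Run it against the real upload root instead of the sample tree; anything flagged deserves a look at the file's modification time and the web server's access log for the request that created it.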
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Jun 29, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the critical nature of this RCE vulnerability and the lack of authentication required, immediate patching is mandatory. Organizations should treat this as a top-priority task to prevent potential server takeover and data exfiltration.