Skip to content
CISA Known Exploited Vulnerability

CVE-2026-56290

Joomlack Page Builder contains an improper access control vulnerability that could allow for remote code execution via unauthenticated arbitrary file upload.

⚠ Actively exploited (CISA KEV) Joomla 2026
CISA catalog entry
Product
Page Builder
Vendor
Joomlack
Added to KEV
2026-07-07
Remediation due
2026-07-10