Balbooa Product Security Update Advisory (CVE-2026-56291)

Balbooa Product Security Update Advisory (CVE-2026-56291)

Balbooa Product Security Update Advisory (CVE-2026-56291).


A security update has been released to address a vulnerability in Balbooa products.

Affected Products.

  • Balbooa Forms versions prior to 2.4.1.

Resolved Vulnerability.

  • CVE-2026-56291.
  • This is a remote code execution vulnerability in Balbooa Forms caused by arbitrary file uploads through which threat actors upload unauthorized files.
  • Remote code execution refers to a situation where a threat actor can execute code on the system remotely.

Response.

  • A Vulnerability Patch has been provided via the latest update.
  • You must update to the latest version of the Vulnerability Patch following the instructions on the reference sites.

Reference Sites.

  • [1] Joomla Extension – balbooa.Com – Unauthenticated file upload in Balbooa Forms extension < 2.4.1.
  • [2] Changelog 2.4.1 — July 9, 2026.