Balbooa Product Security Update Advisory (CVE-2026-56291)
Balbooa Product Security Update Advisory (CVE-2026-56291).
A security update has been released to address a vulnerability in Balbooa products.
Affected Products.
- Balbooa Forms versions prior to 2.4.1.
Resolved Vulnerability.
- CVE-2026-56291.
- This is a remote code execution vulnerability in Balbooa Forms caused by arbitrary file uploads through which threat actors upload unauthorized files.
- Remote code execution refers to a situation where a threat actor can execute code on the system remotely.
Response.
- A Vulnerability Patch has been provided via the latest update.
- You must update to the latest version of the Vulnerability Patch following the instructions on the reference sites.
Reference Sites.
- [1] Joomla Extension – balbooa.Com – Unauthenticated file upload in Balbooa Forms extension < 2.4.1.
- [2] Changelog 2.4.1 — July 9, 2026.