securityaffairs.com 7/11/2026, 8:19:19 PM · external

CISA Flags iCagenda, Balbooa Forms Flaws; Urges Fix by July 2026

CISA Flags iCagenda, Balbooa Forms Flaws; Urges Fix by July 2026
CyberSIXT Evidence Panel
Primary Source cisa.gov
CISA KEV Listed in KEV
Patch Patch Available

THE U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added vulnerabilities in iCagenda and Balbooa Forms to its Known Exploited Vulnerabilities (KEV) catalog. These include CVE-2026-48939, which involves unrestricted file upload allowing for PHP code execution in iCagenda, and CVE-2026-56291, which permits unauthenticated file uploads in Balbooa Forms, enabling remote code execution (RCE).

CISA mandates that federal agencies remediate these vulnerabilities by July 13, 2026, and advises private organizations to also address these issues in their systems.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline