CISA KEV Alert 7/10/2026, 6:02:05 PM

CVE-2026-56291 lets attackers hijack systems via Balbooa Forms

Developing story vulnerability 2 articles tracked
CISA adds Balbooa Forms file‑upload flaw (CVE-2026-56291) to KEV catalogue
CyberSIXT Evidence Panel Source marked as original reporting
Primary Source cisa.gov
CISA KEV Listed in KEV
Patch Patch Status Unknown

CISA has added CVE‑2026‑56291 to its Known Exploited Vulnerabilities (KEV) catalogue. The flaw affects Balbooa Forms and is named the Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability. It allows an unauthenticated attacker to upload arbitrary files, including executable code, which can lead to full remote code execution on the affected system.

The vulnerability is an unrestricted file‑upload flaw that accepts files of dangerous types without proper validation. An attacker can send a specially crafted request to the Forms component, upload a web shell or malicious binary, and then execute it to gain control of the server. The CVSS v3.1 score is 10.0, rating the issue as CRITICAL. At the time of writing, no patch or advisory has been published by Balbooa, so a fix is not yet available.

Because the CVE appears in the KEV catalogue, active exploitation in the wild has been confirmed. No known ransomware campaign use has been reported. CISA has set a remediation deadline of 13 July 2026 for federal civilian executive branch (FCEB) agencies to address the issue.

CISA directs FCEB agencies to apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26‑04 Prioritizing Security Updates Based on Risk guidance and CISA’s “Forensics Triage Requirements”. Agencies must follow the applicable BOD 26‑04 guidance for cloud services or discontinue use of Balbooa Forms if mitigations cannot be applied. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26‑04 patching guidelines. All other organisations are advised to review their exposure to the product and implement any available mitigations promptly.

For full details, see the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-56291 and the CISA KEV catalogue.

View CISA KEV Entry

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline