All CVEs
Vulnerability intelligence

CVE-2026-56290

CWE-434

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

CVSS Score
10
Critical
EPSS — Exploit Probability
0.4%
Riskier than 28% of all CVEs
Exploitation
Confirmed in the wild
KEV since 2026-07-07
Remediation
Patch available
Federal deadline 2026-07-10
NVD entry Vendor patch PoC / advisory CISA KEV

1 article across 1 outlet · first covered Jul 7, 2026 · latest Jul 7, 2026

Coverage timeline