CVE-2026-56290
Received Received - Intake

Unauthenticated Arbitrary File Upload in Page Builder CK

Publication date: 2026-06-29

Last updated on: 2026-06-29

Assigner: Joomla! Project

Description
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-29
Last Modified
2026-06-29
Generated
2026-06-29
AI Q&A
2026-06-29
EPSS Evaluated
N/A
NVD
CVE-2026-56290
EUVD
EUVD-2026-40121

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
joomla page_builder_ck *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The Joomla extension Page Builder CK has a vulnerability that allows an unauthenticated attacker to upload arbitrary files, including executable files. This flaw can lead to full remote code execution (RCE) on the affected system.

Impact Analysis

This vulnerability can have severe impacts as it allows attackers to execute arbitrary code remotely without authentication. This can lead to complete compromise of the affected server, unauthorized access to sensitive data, disruption of services, and potential use of the server for malicious activities.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-56290. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart