CVE-2026-57827
Received
Received - Intake
Unauthenticated Arbitrary File Upload in RSFiles Leading to RCE
Vulnerability report for CVE-2026-57827, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-11
Last updated on: 2026-07-11
Assigner: Joomla! Project
Description
Description
The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| joomla | rsfiles | * |
| rsjoomla | rsfiles | to 1.17.12 (exc) |
| rsjoomla | rsfiles | to 1.17.11 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |