🔴 Critical | Source: CISA Known Exploited Vulnerabilities
A critical vulnerability in the Joomlack Page Builder plugin allows unauthenticated attackers to upload arbitrary files to a server, which can be exploited to execute malicious code remotely. This is classified as an improper access control flaw, meaning no login or privileges are required to exploit it. CISA has added it to its Known Exploited Vulnerabilities catalogue, confirming active exploitation in the wild.
Security Architect’s Take: Immediately audit your environment for any Joomla instances running the Joomlack Page Builder plugin and apply vendor patches or mitigations before the 10 July 2026 remediation deadline. If patching is not immediately possible, consider disabling the plugin and blocking unauthenticated file upload endpoints at the WAF or network perimeter level.
Original advisory: CVE-2026-56290: Joomlack Page Builder