CVE-2026-56290: Joomlack Page Builder Improper Access Control Vulnerability Actively Exploited (CISA KEV)

TL;DR

A security flaw in Joomlack Page Builder, identified as CVE-2026-56290, enables attackers to execute remote code by uploading malicious files without authentication. This vulnerability is currently being exploited in the wild, prompting urgent mitigation efforts.

CISA has confirmed that the CVE-2026-56290 vulnerability in Joomlack Page Builder is actively being exploited by attackers, enabling remote code execution through unauthenticated file uploads. This flaw, which involves improper access control, poses a significant security risk to websites using the plugin.

The vulnerability allows malicious actors to upload arbitrary files to affected websites without requiring authentication, potentially leading to remote code execution and full system compromise. The flaw was identified in the Joomlack Page Builder plugin, widely used in Joomla-based websites.

According to CISA, the Cybersecurity and Infrastructure Security Agency, the flaw is being exploited in active attacks, prompting urgent recommendations for affected organizations to apply mitigations immediately. The vulnerability is tracked as CVE-2026-56290.

At a glance
breakingWhen: ongoing; exploitation confirmed as of l…
The developmentCybersecurity authorities confirm that CVE-2026-56290 is actively being exploited, allowing remote code execution through improper access control in Joomlack Page Builder.

Implications of the Exploited Access Control Flaw

This vulnerability’s active exploitation means that affected websites are at immediate risk of remote code execution, which could lead to website defacement, data theft, or server compromise. The widespread use of Joomlack Page Builder amplifies the potential impact, making this a critical concern for Joomla site administrators and cybersecurity defenders.

Fortinet Web Application Firewall - Virtual Appliance for All Supported Platforms. Supports up to 1 x vCPU core FWB-VM01

Fortinet Web Application Firewall – Virtual Appliance for All Supported Platforms. Supports up to 1 x vCPU core FWB-VM01

Fortinet Web Application Firewall – virtual appliance for all supported platforms. Supports up to 1 x vCPU core

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Details of the Joomlack Page Builder Vulnerability

The CVE-2026-56290 flaw stems from improper access control mechanisms in the Joomlack Page Builder plugin, allowing attackers to upload malicious files without authentication. The vulnerability was identified by security researchers and has now been confirmed to be actively exploited in the field. The flaw affects versions prior to the latest patched release, which is now recommended for immediate application.

Joomlack Page Builder is a popular tool for creating and managing Joomla websites, with a significant user base. The vulnerability was disclosed as part of ongoing cybersecurity monitoring and was added to the CISA KEV (Known Exploited Vulnerabilities) catalog.

“The active exploitation of CVE-2026-56290 poses a serious threat to affected websites, and immediate mitigation is strongly advised.”

— CISA spokesperson

Security Patch, 2 Pcs Reflective Security Hook and Loop Patch for Vest Printed Letters Embroidery Patches for Officer Guard Custom Uniforms Vest, Jacket, Carrier, Bag, Hat (Black, 1 Small and 1 Large)

Security Patch, 2 Pcs Reflective Security Hook and Loop Patch for Vest Printed Letters Embroidery Patches for Officer Guard Custom Uniforms Vest, Jacket, Carrier, Bag, Hat (Black, 1 Small and 1 Large)

【Package Content】The package contains two security patches for vest, one small (5.5 x 2.5 inches) and one large…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Unresolved Questions About the Exploitation Scope

It is not yet clear how widespread the current exploitation is or whether specific versions of Joomlack Page Builder are targeted more heavily. Details about the attack vectors and the full extent of compromised systems remain under investigation. Additionally, the timeline for a comprehensive patch release has not been publicly confirmed.

Amazon

malware detection tools for websites

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Next Steps for Affected Website Owners and Developers

Website administrators using Joomlack Page Builder should immediately verify their versions and apply the latest security patches provided by the vendor. Security experts recommend reviewing server logs for signs of unauthorized file uploads and implementing additional security controls such as web application firewalls. Ongoing monitoring for further exploitation activity is also advised.

Developers are expected to release an official patch addressing the flaw soon, and users should stay informed through vendor advisories and cybersecurity alerts.

Amazon

Joomla security monitoring software

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Key Questions

What is CVE-2026-56290?

CVE-2026-56290 is a security vulnerability in Joomlack Page Builder that allows remote attackers to execute code on affected websites through unauthenticated file uploads.

How is this vulnerability being exploited?

Cybersecurity authorities have confirmed that attackers are actively exploiting the flaw by uploading malicious files without requiring authentication, leading to potential remote code execution.

Who is affected by this vulnerability?

Any website using vulnerable versions of Joomlack Page Builder is at risk, especially if the plugin is not updated to the latest patched version.

What should website owners do now?

They should verify their plugin version, apply available security patches immediately, review server logs for suspicious activity, and consider additional security measures such as firewalls.

Will a fix be released soon?

Vendor updates are anticipated, but the exact timeline for the official patch has not been publicly confirmed. Users should monitor vendor advisories for updates.

Source: kev

You May Also Like

Tenda Firmware (Multiple Versions) Contains Hidden Authentication Backdoor

Multiple versions of Tenda router firmware contain a hidden authentication backdoor, raising security concerns for users worldwide.

SQL patterns I use to catch transaction fraud

An analysis of SQL-based patterns used to identify transaction fraud, including velocity checks, impossible travel, amount anomalies, and suspicious merchant activity.

A New Bill Takes Aim at Government Pressure to Silence Lawful Online Speech

Senators Cruz and Wyden introduce the JAWBONE Act to combat government coercion of private platforms over lawful speech, advancing free expression protections.

The Regulatory Vacuum.

Google disclosed a zero-day vulnerability exploited by criminals using AI, highlighting a lack of regulatory frameworks. The event exposes urgent policy gaps.