CVE-2026-56290: Joomlack Page Builder Improper Access Control Vulnerability

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
CVE-2026-56290CVSS 10.0CISA KEVWeb

CVE-2026-56290: Joomlack Page Builder Improper Access Control Vulnerability

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

CVSS
10.0 CRITICAL
EPSS
27.63%
Known exploited
yes
Product
Page Builder

What is known

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

Sources

Security newsletter

Get new CVE alerts before they become an incident

We send selected infrastructure threats in English, with practical notes for DataHouse environments.

  • DataHouse: server administration and secure cloud
  • Hostilla.pl: hosting and mail services
  • SecDNS.pl: free DNS security layer