Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-56290
PUBLISHED
More InfoOfficial Page
Assigner-Joomla
Assigner Org ID-6ff30186-7fb7-4ad9-be33-533e7b05e586
View Known Exploited Vulnerability (KEV) details
Published At-29 Jun, 2026 | 14:31
Updated At-01 Jul, 2026 | 03:55
Rejected At-
▼CVE Numbering Authority (CNA)
Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

Affected Products
Vendor
joomlack.fr
Product
JoomlaCK.fr Page Builder CK extension for Joomla
Default Status
unaffected
Versions
Affected
  • 1.0-3.6.0
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284 Improper Access Control
Type: CWE
CWE ID: CWE-284
Description: CWE-284 Improper Access Control
Metrics
VersionBase scoreBase severityVector
4.010.0CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red
Version: 4.0
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-242CAPEC-242: Code Injection
CAPEC ID: CAPEC-242
Description: CAPEC-242: Code Injection
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Phil Taylor
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.joomlack.fr/
product
Hyperlink: https://www.joomlack.fr/
Resource:
product
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://mysites.guru/blog/pagebuilderck-unauthenticated-file-upload-rce/
third-party-advisory
https://forum.joomlack.fr/index.php/page-builder-ck/21627-nouvelle-version-de-pbck-et-joomla-3
patch
Hyperlink: https://mysites.guru/blog/pagebuilderck-unauthenticated-file-upload-rce/
Resource:
third-party-advisory
Hyperlink: https://forum.joomlack.fr/index.php/page-builder-ck/21627-nouvelle-version-de-pbck-et-joomla-3
Resource:
patch
Details not found