Exposures › CVE-2026-56290
Joomlack Page Builder allows unauthenticated remote code execution via arbitrary file upload.
This vulnerability enables remote code execution through unauthenticated file uploads, posing a severe risk to any DIB organization using Joomlack Page Builder for FedRAMP or NIST 800-171 compliance. Immediate removal of the product from production environments and patching or replacement is required to prevent unauthorized code execution and potential data breaches.
Shame score — Unauthenticated RCE via file upload is a critical, avoidable security failure that directly compromises system integrity and confidentiality.
Joomlack Page Builder contains an improper access control vulnerability that could allow for remote code execution via unauthenticated arbitrary file upload.
No correlated FedRAMP products.