COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-56290

CVE-2026-56290

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-07-07
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-56290
⚡ RCE ⌖ exploited in the wild shame 85/100 rceexploited-in-wildsupply-chain

Joomlack Page Builder allows unauthenticated remote code execution via arbitrary file upload.

This vulnerability enables remote code execution through unauthenticated file uploads, posing a severe risk to any DIB organization using Joomlack Page Builder for FedRAMP or NIST 800-171 compliance. Immediate removal of the product from production environments and patching or replacement is required to prevent unauthorized code execution and potential data breaches.

Shame score — Unauthenticated RCE via file upload is a critical, avoidable security failure that directly compromises system integrity and confidentiality.

Players implicated

Joomlack · vendorPage Builder · product

Description

Joomlack Page Builder contains an improper access control vulnerability that could allow for remote code execution via unauthenticated arbitrary file upload.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.