Joomla Extension – joomlack.fr – Unauthenticated file upload in Page...

10 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red

Description

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

AI Analysis

Unauthenticated arbitrary file upload vulnerability in Page Builder CK extension for Joomla, allowing full RCE.

Basic Information

ID CVE-2026-56290

Source Joomla

Published Jun 29, 2026 at 14:31

Affected Product

Vendor joomlack.fr

Product JoomlaCK.fr Page Builder CK extension for Joomla

Version 1.0-3.6.0

Affected Versions joomlack.fr JoomlaCK.fr Page Builder CK extension for Joomla 1.0-3.6.0

CWE Classification

CWE-284

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor joomlack.fr

Product Page Builder CK extension for Joomla

Version 1.0-3.6.0

References

www.joomlack.fr /

{
    "lastseen": "",
    "description": "The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.",
    "published": "2026-06-29T14:31:37.952Z",
    "modified": "2026-06-29T14:31:37.952Z",
    "type": "cve",
    "title": "Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0",
    "source": "Joomla",
    "references": "https://www.joomlack.fr/",
    "id": "CVE-2026-56290",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "joomlack.fr JoomlaCK.fr Page Builder CK extension for Joomla 1.0-3.6.0",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "JoomlaCK.fr Page Builder CK extension for Joomla",
    "version": "1.0-3.6.0",
    "vendor": "joomlack.fr",
    "ai_description": "Unauthenticated arbitrary file upload vulnerability in Page Builder CK extension for Joomla, allowing full RCE.",
    "ai_severity": "Critical",
    "ai_vendor": "joomlack.fr",
    "ai_product": "Page Builder CK extension for Joomla",
    "ai_version": "1.0-3.6.0",
    "ai_score": 10
}

Joomla Extension – joomlack.fr – Unauthenticated file upload in Page Builder CK extension < 3.6.0_CVE-2026-56290