Critical Joomla Extension Vulnerabilities Added to CISA's Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert to organizations following reports of active exploitation of two critical security vulnerabilities affecting popular Joomla extensions. Both flaws, which impact the iCagenda and Balbooa Forms extensions, have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog after confirmation that threat actors are leveraging these security gaps as zero-days in real-world attacks. The severity of these vulnerabilities cannot be overstated, with both receiving a perfect 10.0 rating on the CVSS scoring system—the highest possible severity designation.
The vulnerabilities, identified as CVE-2026-48939 and a second similarly critical flaw affecting Joomla's Balbooa Forms extension, represent significant risks to organizations utilizing these popular content management components. Based on current intelligence, the iCagenda vulnerability appears to involve improper access controls that could allow unauthorized attackers to execute arbitrary code or gain administrative privileges on affected systems. Meanwhile, the Balbooa Forms flaw likely enables malicious actors to bypass security restrictions, potentially leading to complete system compromise. Any organization running Joomla with either of these extensions installed should consider their systems at immediate risk of compromise.
The implications for security teams are particularly concerning. Joomla remains a widely adopted content management system across government agencies, educational institutions, and enterprise environments. The addition of these vulnerabilities to the KEV catalog indicates that federal agencies must remediate them according to binding operational directives. For all other organizations, these active zero-day exploits represent a ticking time bomb, as