iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days
Overview
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged two severe vulnerabilities affecting iCagenda and Balbooa extensions for Joomla, assigning them a maximum severity rating of 10.0 on the CVSS scale. These vulnerabilities have reportedly been exploited in the wild, making them a pressing concern for users of these Joomla extensions. CVE-2026-48939 is one of the identified flaws, but specific details about the second vulnerability have not been disclosed. Joomla users utilizing these extensions should take immediate action to secure their systems, as attackers are actively targeting these weaknesses. The situation emphasizes the need for timely updates and patches to prevent unauthorized access and potential data breaches.
Key Takeaways
- Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
- Affected Systems: iCagenda and Balbooa extensions for Joomla
- Action Required: Users should update to the latest versions of iCagenda and Balbooa extensions as soon as patches are available.
- Timeline: Newly disclosed
Original Article Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two maximum-severity security flaws impacting iCagenda and Balbooa extensions for Joomla to its Known Exploited Vulnerabilities (KEV) catalog, following reports of zero-day exploitation in the wild. The vulnerabilities, both rated 10.0 on the CVSS scoring system, are below - CVE-2026-48939 - A vulnerability in the
Impact
iCagenda and Balbooa extensions for Joomla
Exploitation Status
This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.
Timeline
Newly disclosed
Remediation
Users should update to the latest versions of iCagenda and Balbooa extensions as soon as patches are available. Regularly check for updates from the Joomla extensions repository and apply any security fixes provided by the developers.
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.
Related Topics: This incident relates to CVE, Zero-day, Vulnerability.