Description
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
Published: 2026-06-29
Score: 10 Critical
EPSS: < 1% Very Low
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Jul 2026 18:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 07 Jul 2026 17:45:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-07-07T00:00:00+00:00', 'dueDate': '2026-07-10T00:00:00+00:00'}


Sun, 05 Jul 2026 14:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284 CWE-434

Wed, 01 Jul 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Joomlack
Joomlack page Builder Ck Extension For Joomla
Vendors & Products Joomlack
Joomlack page Builder Ck Extension For Joomla

Tue, 30 Jun 2026 17:30:00 +0000


Mon, 29 Jun 2026 17:30:00 +0000


Mon, 29 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 29 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Description The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
Title Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0
Weaknesses CWE-284
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red'}


Subscriptions

Joomlack Page Builder Ck Extension For Joomla
cve-icon MITRE

Status: PUBLISHED

Assigner: Joomla

Published:

Updated: 2026-07-07T17:54:17.251Z

Reserved: 2026-06-20T11:57:32.752Z

Link: CVE-2026-56290

cve-icon Vulnrichment

Updated: 2026-06-29T15:12:24.172Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-06T08:15:11Z

Weaknesses