THREAT OPS › Threat News › iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days
iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two maximum-severity security flaws impacting iCagenda and Balbooa extensions for Joomla to its Known Exploited Vulnerabilities (KEV) catalog, following reports of zero-day exploitation in the wild.
The vulnerabilities, both rated 10.0 on the CVSS scoring system, are below -
CVE-2026-48939 - A vulnerability in the
MITRE ATT&CK techniques
- VulnerabilitiesT1588.006
Indicators of compromise
- CVE-2026-48939cve