Vulnerabilities4 min read
Joomla iCagenda, Balbooa Forms Flaws Exploited as Zero-Days
CISA adds CVE-2026-48939 and CVE-2026-56291 to KEV after attackers weaponized iCagenda and Balbooa Forms file upload bugs before patches existed. Federal deadline is July 13.
Marcus ChenJul 13, 2026