By Interestana AI Editorial — AI-drafted, human-overseen. How we report
Joomla Extensions iCagenda and Balbooa Exploited as Zero-Days

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical security vulnerabilities affecting iCagenda and Balbooa extensions for the Joomla content management system to its Known Exploited Vulnerabilities (KEV) catalog. These additions follow reports indicating that these flaws have been exploited in the wild as zero-day vulnerabilities. Both vulnerabilities have received the maximum severity score of 10.0 on the Common Vulnerability Scoring System (CVSS).
The first vulnerability, identified as CVE-2026-48939, impacts the iCagenda extension. While specific details of the vulnerability's technical nature were not fully elaborated in the initial report, its inclusion in the KEV catalog signifies active exploitation. The second vulnerability, affecting the Balbooa Joomla Forms component, is also being actively exploited. The zero-day status means that attackers are leveraging these weaknesses before developers have released patches or official mitigation strategies.
CISA mandates that federal civilian executive branch agencies must apply available security patches or mitigations for vulnerabilities listed in the KEV catalog by specific deadlines to protect their networks. The inclusion of these Joomla extension vulnerabilities suggests a significant risk to organizations utilizing these components, particularly those that have not yet updated their systems. The agency's action underscores the importance of prompt patching and vulnerability management for web applications and their associated plugins or extensions.
Exploitation of zero-day vulnerabilities poses a substantial threat because security defenses are often unaware of the attack vector. This allows attackers to gain unauthorized access, steal data, or disrupt services before organizations can implement protective measures. The active exploitation of these iCagenda and Balbooa flaws highlights a pressing need for Joomla users to remain vigilant and prioritize security updates for all installed extensions to prevent potential compromises.
Original source — read the full reporting at the publisher:
Read on The Hacker NewsGet the weekly AI digest
AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.