PT-2026-53285 · Joomla · Page Builder Ck
Phil Taylor
·
Published
2026-06-29
·
Updated
2026-06-29
·
CVE-2026-56290
CVSS v4.0
10
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red |
Name of the Vulnerable Software and Affected Versions
Page Builder CK versions prior to 3.6.0
Description
The Joomla extension Page Builder CK contains a flaw that allows an unauthenticated user to perform an arbitrary file upload. This issue enables the uploading of executable files, which can lead to full Remote Code Execution (RCE), a state where an attacker can execute arbitrary commands on the server.
Recommendations
Update Page Builder CK to version 3.6.0.
Fix
RCE
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Page Builder Ck