๐ฅ This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-56290: Joomlack Page Builder Improper Access Control Vulnerability
Summary
Joomlack Page Builder has a security flaw in its access control (the system that checks who is allowed to do what) that lets attackers upload files and run code on affected systems without needing to log in first. This vulnerability is currently being exploited by hackers in real-world attacks. Organizations using this software must apply vendor-provided fixes by July 10, 2026, or stop using the product if no fixes are available.
Solution / Mitigation
Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA's BOD 26-04 guidance on prioritizing security updates. Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable.
Vulnerability Details
EPSS: 0.4%
Yes
๐ฅ Actively Exploited
July 6, 2026
Classification
Taxonomy References
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-56290
First tracked: July 7, 2026 at 02:01 PM
Classified by LLM (prompt v3) ยท confidence: 95%