Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Red
Unauthenticated network upload (PR:N/UI:N/AC:L) yielding code execution that escapes the app to the host justifies S:C with full C/I/A impact.
Primary rating from Vendor (Joomla).
CVSS VectorVendor: Joomla
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Red
Lifecycle Timeline
3DescriptionCVE.org
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
Articles & Coverage 1
AnalysisAI
Unauthenticated arbitrary file upload in the Joomlack Page Builder CK extension for Joomla allows remote attackers to upload executable (PHP) files and achieve full remote code execution on the host. Any Joomla site running this extension is exposed to complete compromise without credentials. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The target Joomla site must have the Joomlack Page Builder CK extension installed and its file-upload/handling endpoint reachable over the network. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Every signal points to top-tier priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker scanning for Joomla sites running Page Builder CK sends a crafted HTTP POST to the extension's unauthenticated upload endpoint, submitting a PHP webshell accepted as an uploadable file. Because no authentication or extension filtering blocks it, the file lands in the webroot; the attacker then requests its URL and the server executes it, yielding remote code execution. … |
| Remediation | No vendor-released patch version is identified in the available data; the only reference is the vendor site https://www.joomlack.fr/, which should be checked for an updated Page Builder CK release and applied immediately once available. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Joomla instances using the Joomlack Page Builder CK extension; immediately disable and uninstall the extension across all systems. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40121
GHSA-gxrr-wfg5-xqqf