Security Advisory - Published 2026-07-01 - Joomla Extensions
Joomla extension check: Page Builder CK, JoomCCK, and Helix3
This Joomla batch affects extension upload, front-end controller, and template-setting surfaces. Patch the extension first, then review files, database errors, template changes, and administrator activity.
Affected CVEs in this batch
| CVE | Product | Affected | Review | CVSS |
|---|---|---|---|---|
| CVE-2026-56290 | Page Builder CK | vendor advisory | uploaded files and extension state | 10.0 |
| CVE-2026-49048 | JoomCCK | vendor advisory | database errors and front-end controller logs | 9.8 |
| CVE-2026-49049 | Helix3 | vendor advisory | template files and extension settings | 7.5 |
What to check
- Whether Page Builder CK, JoomCCK, or Helix3 is installed on public Joomla sites.
- Extension versions, template parameters, recently changed JSON/config files, and uploaded files.
- Front-end controller access logs, database errors, administrator sessions, and failed extension requests.
- New PHP files, changed template files, or unexpected file ownership under the Joomla web root.
Safe fix path
- Patch or disable the affected extension before starting file cleanup.
- Preserve web logs, Joomla logs, database errors, file timestamps, and a copy of extension configuration.
- Review administrator accounts, templates, uploaded files, and extension settings.
- Rebuild from a clean backup if file integrity is unclear after patching.
Compromise indicators
- Unexpected files in upload or template directories.
- Template parameters changed outside a maintenance window.
- Database errors around extension front-end requests.
- Unknown administrator sessions or new extension files that do not match the installed package.
When to ask Ping7 for repair
Use Ping7 CVE Repair when the Joomla site is public, extension files may have changed, database activity is suspicious, or cleanup must preserve evidence before rebuilding.