CVE-2026-57827 CRITICAL

CVE-2026-57827: Joomla Extension - rsjoomla.com - Unauthenticated file upload in RSFiles component < 1.17.12

Vendor Rsjoomla.com
Product rsjoomla.com RSFiles extension for Joomla
Weakness CWE-434 · Unrestricted file upload
Published July 11, 2026
Last update July 11, 2026

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red

What the vulnerability does

01Description

The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

Explanation of Vulnerability in Simple Terms

02Summary

The RSFiles extension for Joomla contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files to the server over the network. An attacker can exploit this to upload malicious files, potentially gaining control of the site. No user interaction is required. Update to a version newer than 1.17.11.

What an attacker can do

03Attacker Capabilities

Upload arbitrary files to the server without authentication, potentially executing code or compromising the site.

Potential impact on your site

04Site Impact

Attackers can upload malicious files and run code on your Joomla site, leading to full compromise.

Conditions required to exploit

05Prerequisites

Network access only; no authentication or user interaction required.

Key dates

06Disclosure timeline

July 11, 2026 CVE published

Related vulnerabilities

08Related CVE