CVE Catalog

CVE-2026-48939

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.52%

40th percentile — higher than 40% of all known CVEs

Summary

A vulnerability in the iCagenda extension for Joomla allows arbitrary file upload in the attachment feature, leading to PHP code upload and execution.

Risk Assessment

An attacker can achieve remote code execution on the server, potentially leading to full compromise of the Joomla site and data access.

Recommendation

Immediately update the iCagenda extension to the latest version and restrict file upload capabilities to trusted users only.

Original NVD description (English source)

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS