Arbitrary File Upload Vulnerability in iCagenda Extension for Joomla
CVE-2026-48939

10CRITICAL

Key Information:

Vendor: Icagenda.com
Status: Icagenda Extension For Joomla
Vendor: CVE Published:; 20 June 2026

🔔 Create Icagenda.com Vulnerability Alert

What is CVE-2026-48939?

A vulnerability in the iCagenda extension for Joomla permits unauthorized users to upload arbitrary files through the file attachment feature. This flaw can lead to the upload and subsequent execution of malicious PHP code, potentially compromising the security of the affected Joomla installations.

Affected Version(s)

iCagenda extension for Joomla 1.0.0-3.9.14

iCagenda extension for Joomla 4.0.0-4.0.7

References

https://www.icagenda.com/

product

CVSS V4

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 20, 2026
Vulnerability Reserved
May 26, 2026

Credit

Phil Taylor

CVE-2026-48939 Data

JSON