File Upload Vulnerability in K2 Article Gallery by K2
CVE-2026-48945
Currently unrated
What is CVE-2026-48945?
The K2 Article Gallery has a vulnerability in its upload path for zip/tar archives. The extension extracts images to a designated directory and renames them securely, but it does not restrict the extraction of non-image files, including executable scripts such as '.php'. These files can then be executed via direct HTTP access, creating a significant security risk for users who rely on this gallery functionality.
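The missing control, shown as an added PHP example that is not K2's code or the vendor's fix: each zip entry is accepted only if its content parses as a JPEG, PNG or GIF, and it is written under a server-generated name. The function name, size cap and sample archive are assumptions; tar archives would need the same check.

```php
<?php
declare(strict_types=1);
// Added example, not K2 code: keep only verified images from an uploaded zip (PHP 8+).
function extractGalleryImages(string $zipPath, string $destDir, int $maxBytes = 10485760): array
{
    // Accepted image types, mapped to the only extensions ever written to disk.
    $allowed = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException('Cannot open archive');
    }
    $written = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $stat = $zip->statIndex($i);
        // Skip unreadable or oversized entries before loading them into memory.
        if ($stat === false || $stat['size'] > $maxBytes) {
            continue;
        }
        $data = $zip->getFromIndex($i);
        // Decide by content, not by the name stored in the archive.
        $info = (is_string($data) && $data !== '') ? @getimagesizefromstring($data) : false;
        if ($info === false || !isset($allowed[$info[2]])) {
            continue; // scripts, .htaccess, directories, anything not a known image
        }
        // Server-generated name: the entry's own path and extension are discarded,
        // so "../" segments and ".php" suffixes never reach the filesystem.
        $name = bin2hex(random_bytes(16)) . '.' . $allowed[$info[2]];
        if (file_put_contents("$destDir/$name", $data, LOCK_EX) !== false) {
            $written[] = $name;
        }
    }
    $zip->close();
    return $written;
}

// Constructed sample: one 1x1 GIF and one non-image entry with a .php name.
$dir = sys_get_temp_dir() . '/gallery_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$zip = new ZipArchive();
$zip->open("$dir/upload.zip", ZipArchive::CREATE);
$zip->addFromString('photo.gif', base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$zip->addFromString('notes.php', 'constructed non-image content');
$zip->close();
print_r(extractGalleryImages("$dir/upload.zip", $dir)); // one random-named .gif
```

Because the extension is chosen by the server, content hidden inside an otherwise valid image is still stored as `.gif`, `.jpg` or `.png`. Disabling script execution for the gallery directory at the web server covers the case where the extraction check is bypassed.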
Affected Version(s)
K2 extension for Joomla 1.0-2.26
