AI description
CVE-2026-48939 describes an unrestricted file upload vulnerability found within the iCagenda extension for Joomla. This flaw permits the upload of arbitrary files through the file attachment feature. The vulnerability ultimately enables the upload and execution of PHP code on the affected server. This issue has been added to CISA's Known Exploited Vulnerabilities Catalog, indicating that it is being actively exploited.
- Description
- A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.
- Source
- security@joomla.org
- NVD status
- Analyzed
- Products
- icagenda
CVSS 4.0
- Type
- Secondary
- Base score
- 10
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Red
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability
- Exploit added on
- Jul 10, 2026
- Exploit action due
- Jul 13, 2026
- Required action
- Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
3
🚨 CRITICAL: CVE-2026-48939 in iCagenda allows unrestricted file upload leading to PHP code execution. CISA KEV-listed—actively exploited. Patch immediately. #CVE #PatchNow #ThreatIntel https://t.co/6e9e6g0nLG
@DFIR_Lab
12 Jul 2026
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🟦 PCMedicalist Signal · Jul 11 • CVE-2026-56291 — Balbooa Forms Unrestricted Upload of File… — CISA KEV Vulns • CVE-2026-48939 — iCagenda Unrestricted Upload of File with… — CISA KEV Vulns #VulnerabilityIntelligence SecOps · Blue Team · Autonomous Builds htt
@PCMedicalist
11 Jul 2026
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TRC analysis shows attackers are exploiting Joomla extension vulnerabilities (CVE-2026-48939, CVE-2026-56291) to upload malicious PHP files and execute remote code. Once compromised, they pivot laterally across internal networks. Runtime segmentation helps contain post-compromise
@aviatrixtrc
11 Jul 2026
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔒 #CyberSecurity CVE-2026-48939 & CVE-2026-56291: CISA KEV Alert on iCagenda and Balbooa Forms E… "On July 10, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added two…" 🔗 https://t.co/jXXXyKlEKS #CyberSecurity #ThreatIntel #cve #zeroday #patc
@SecurityAr58409
11 Jul 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🟦 PCMedicalist Signal · Jul 11 • CVE-2026-56291 — Balbooa Forms Unrestricted Upload of File… — CISA KEV Vulns • CVE-2026-48939 — iCagenda Unrestricted Upload of File with… — CISA KEV Vulns #VulnerabilityIntelligence SecOps · Blue Team · Autonomous Builds htt
@PCMedicalist
11 Jul 2026
47 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログにiCagendaのCVE-2026-48939とBalbooa FormsのCVE-2026-56291を追加。対処期限は3日後の7/13。ランサムウェアによる悪用は不知。 https:
@__kokumoto
11 Jul 2026
1192 Impressions
0 Retweets
5 Likes
0 Bookmarks
1 Reply
0 Quotes
🛡️ @CISACyber added iCagenda vulnerability CVE-2026-48939 & Balbooa Forms vulnerability CVE-2026-56291 to our KEV Catalog. Visit https://t.co/Hr1Rpw9Skf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec
@chris_uk2026
11 Jul 2026
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two Joomla! extensions added to the KEVs. CVE-2026-48939: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability and CVE-2026-56291: Balbooa Forms Unrestricted Upload of File with Dangerous Type
@kaotickjay
11 Jul 2026
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA 7月10日把两个 Joomla 生态漏洞加入 KEV 已知被利用漏洞目录,值得网站运维和安全团队留意。 这两个漏洞分别是 CVE-2026-48939(iCagenda)和 CVE-2026-56291(Balbooa Forms)。NVD/CVE 记录显示,它们都与不受限制的文件上
@jojo_licg
11 Jul 2026
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔒 #CyberSecurity CVE-2026-48939: Active Exploitation of iCagenda File Upload Vulnerability "On July 10, 2026, CISA added CVE-2026-48939 to the Known Exploited Vulnerabilities (KEV)…" 🔗 https://t.co/AcmO6BezYE #CyberSecurity #ThreatIntel #cve202648939 #critical #cisake
@SecurityAr58409
11 Jul 2026
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL: CVE-2026-48939 (CVSS 9.8) iCagenda extension for Joomla allows arbitrary file upload leading to PHP code execution. No authentication required. Patch immediately if using this extension. #CVE #Vulnerability #PatchNow https://t.co/IR5Xotw24I
@DFIR_Lab
5 Jul 2026
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-48939 Arbitrary File Upload and PHP Code Execution in iCagenda Joomla E... https://t.co/ZoboriMlPE Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x
@VulmonFeeds
20 Jun 2026
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joomlic:icagenda:*:*:*:*:-:joomla\\!:*:*",
"matchCriteriaId": "7144E5C4-1940-44C7-8EF6-CE9260FC9ECF",
"versionEndExcluding": "3.9.15",
"versionStartIncluding": "3.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomlic:icagenda:*:*:*:*:-:joomla\\!:*:*",
"matchCriteriaId": "D76CC345-C89F-46E7-9887-F3ADE379E733",
"versionEndExcluding": "4.0.8",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]