CVE Watchtower ← Back to CVE ListCVE-2026-48939NVDVulnerability SummaryA vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.Severity LevelUNKNOWNPublished DateJun 20, 2026Last ModifiedJul 10, 2026Exploitation StatusACTIVEEPSS Score (30-Day)0.56%ProbabilityRoot Weakness (CWE)N/AExternal Referenceshttps://www.icagenda.com/