CVE-2026-48939
iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability
⚠ KEVEPSS 0.56%
Description
iCagenda contains an unrestricted upload of file with dangerous type vulnerability that allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.
How to fix CVE-2026-48939
No package mapping is available — consult the references below for vendor-specific guidance.
Is CVE-2026-48939 being exploited?
Yes — CVE-2026-48939 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (0)
No package mapping in OSV.