Skip to main content

Tag: cve 2026 48939

2 articles

Web server setup under attack in a bright office environment.

CISA Warns of Exploited Flaws in Joomla Extensions

Stay safe online: a critical vulnerability in the iCagenda extension for Joomla can allow attackers to upload malicious files and take control of your website, leading to data theft and total site compromise. CISA warns that this flaw, tracked as CVE-2026-48939, is being actively exploited, so take action now to protect your site.

Analyst 207
Joomla website backend on laptop with iCagenda extension file attachment feature.

Joomla Flaws Exploited as Zero-Days in Active Attacks

A critical vulnerability in the iCagenda extension for Joomla, known as CVE-2026-48939, has been exploited as a zero-day since June 15, 2026, allowing attackers to upload arbitrary files via the component's file attachment feature. This severe flaw, scoring 10.0 on the CVSS scale, has already sparked a wave of automated attacks against popular content-management-system extensions.

Analyst 207