COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-48939

CVE-2026-48939

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-07-10
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-48939
⚡ RCE ⌖ exploited in the wild shame 65/100 rceexploited-in-wildunpatched

iCagenda allows arbitrary file uploads leading to PHP code execution via its attachment feature.

This vulnerability enables attackers to upload malicious PHP files through the file attachment feature, resulting in remote code execution. DIB organizations must ensure iCagenda is patched and verify upload restrictions to prevent unauthorized code execution.

Shame score — The vulnerability allows arbitrary file uploads leading to PHP code execution, which is a significant security risk for systems handling sensitive data.

Players implicated

iCagenda · vendoriCagenda · product

Description

iCagenda contains an unrestricted upload of file with dangerous type vulnerability that allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.