CVE-2026-48939

CRITICAL

Joomla Extension - icagenda.com - Remote Code Execution in iCagenda extension for Joomla < 4.0.8/3.9.15

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-48939. PoCs published by Polosss.

AI-analyzed exploit summary: The repository provides a functional exploit for CVE-2026-48939, an unauthenticated file upload vulnerability in iCagenda for Joomla, leading to Remote Code Execution (RCE). It includes detailed technical analysis, curl commands, and a PoC script for exploitation.

Description

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.

Exploits (1)

github WORKING POC
by Polosss · poc
https://github.com/Polosss/By-Poloss..-..CVE-2026-48939

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: iCagenda 3.2.1 - 3.9.14 and 4.0.0 - 4.0.7
No auth needed
Prerequisites: Joomla 6 with vulnerable iCagenda version · Access to the target's submission endpoint
mistral-large-3 · analyzed Jun 29, 2026

Scores

CVSS v3 9.8
EPSS 0.0052
EPSS Percentile 40.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE: CWE-284, CWE-434
Status published
Products (4)
icagenda.com/iCagenda extension for Joomla 1.0.0-3.9.14
icagenda.com/iCagenda extension for Joomla 3.2.1-4.0.7
icagenda.com/iCagenda extension for Joomla 4.0.0-4.0.7
joomlic/icagenda 3.2.1 - 3.9.15
Published Jun 20, 2026
Tracked Since Jun 20, 2026