What is CVE-2026-48939?
iCagenda contains an unrestricted upload of file with dangerous type vulnerability that allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.
Timeline
- 2026-07-10Added to the CISA Known Exploited Vulnerabilities (KEV) catalog
- 2026-07-13CISA federal remediation deadline (BOD 22-01)
CISA Known Exploited Vulnerability
iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability
Affected product
ICagenda
Remediation Steps
- Identify all deployments of iCagenda in your environment
- Apply the latest security patch from the vendor immediately
- Monitor for unauthorized file uploads and suspicious activity
References
Referenced in our briefings & reports
- Vulnerability Priority Report – Week 1 of July 2026 (July 6 – 12)
Browse all tracked CVEs in the defend.network CVE database →
🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.