www.cisa.gov 7/10/2026, 6:59:52 PM · external

CISA KEV Flags iCagenda File Upload Flaw CVE-2026-48939

Developing story incident 2 articles tracked
CISA adds iCagenda file upload flaw (CVE-2026-48939) to KEV catalogue
CyberSIXT Evidence Panel
Primary Source nvd.nist.gov
CISA KEV Listed in KEV
Patch Patch Available

THE Known Exploited Vulnerabilities (KEV) Catalog by CISA serves as a vital resource for cybersecurity through identifying vulnerabilities actively exploited in the wild. This catalog aids organizations in their vulnerability management and prioritization efforts. For instance, CVE-2026-48939 highlights an unrestricted file upload vulnerability in iCagenda, which poses risks such as unauthorized PHP code execution.

Users are advised to follow vendor-specified mitigations and comply with CISA's BOD 26-04 guidelines for patching based on risk. The KEV catalog is accessible in various formats including CSV and JSON, and stakeholders can nominate additional vulnerabilities for inclusion.

View Primary Source Via www.cisa.gov

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline