๐ฅ This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-48939: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability
Summary
iCagenda has a vulnerability that allows attackers to upload dangerous files through its file attachment feature, which can lead to PHP code execution (running malicious code on the server). This vulnerability is currently being exploited by attackers in real attacks.
Solution / Mitigation
Apply mitigations in accordance with vendor instructions and CISA's BOD 26-04 guidance for prioritizing security updates. Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Check the iCagenda downloads page (https://www.icagenda.com/#download) for available patches or updates.
Vulnerability Details
EPSS: 0.6%
Yes
๐ฅ Actively Exploited
July 9, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-48939
First tracked: July 10, 2026 at 02:01 PM
Classified by LLM (prompt v3) ยท confidence: 95%