Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-48941

The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and uses it directly to address a `JFolder::delete()` call under `/media/k2/galleries/`
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 5.5%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2026-48941
  • Joomlaworks » K2 » Version: N/A
    cpe:2.3:a:joomlaworks:k2:-
  • Joomlaworks » K2 » Version: 2.10.1
    cpe:2.3:a:joomlaworks:k2:2.10.1
  • Joomlaworks » K2 » Version: 2.13
    cpe:2.3:a:joomlaworks:k2:2.13
  • Joomlaworks » K2 » Version: 2.14
    cpe:2.3:a:joomlaworks:k2:2.14
  • Joomlaworks » K2 » Version: 2.15
    cpe:2.3:a:joomlaworks:k2:2.15
  • Joomlaworks » K2 » Version: 2.16
    cpe:2.3:a:joomlaworks:k2:2.16
  • Joomlaworks » K2 » Version: 2.17
    cpe:2.3:a:joomlaworks:k2:2.17
  • Joomlaworks » K2 » Version: 2.18
    cpe:2.3:a:joomlaworks:k2:2.18
  • Joomlaworks » K2 » Version: 2.19
    cpe:2.3:a:joomlaworks:k2:2.19
  • Joomlaworks » K2 » Version: 2.20
    cpe:2.3:a:joomlaworks:k2:2.20
  • Joomlaworks » K2 » Version: 2.21
    cpe:2.3:a:joomlaworks:k2:2.21
  • Joomlaworks » K2 » Version: 2.22
    cpe:2.3:a:joomlaworks:k2:2.22
  • Joomlaworks » K2 » Version: 2.23
    cpe:2.3:a:joomlaworks:k2:2.23
  • Joomlaworks » K2 » Version: 2.24
    cpe:2.3:a:joomlaworks:k2:2.24
  • Joomlaworks » K2 » Version: 2.25
    cpe:2.3:a:joomlaworks:k2:2.25
  • Joomlaworks » K2 » Version: 2.26
    cpe:2.3:a:joomlaworks:k2:2.26
  • Joomlaworks » K2 » Version: 2.8.0
    cpe:2.3:a:joomlaworks:k2:2.8.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved