PatchSiren cyber security CVE debrief

CVE-2026-48941 Joomlaworks CVE debrief

CVE-2026-48941 is a MEDIUM severity vulnerability in the K2 frontend `item.checkin` task. The task accepts a `sigProFolder` query parameter from unauthenticated requests and uses it directly as the target of a `JFolder::delete()` call under `/media/k2/galleries/`. The vulnerability was published on June 25, 2026, and modified on June 28, 2026. Its Common Vulnerability Scoring System (CVSS) score is 6.5, and it is classified under CWE-862. The affected product is K2 by Joomlaworks.

Vendor: Joomlaworks
Product: K2
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-25
Original CVE updated: 2026-06-28
Advisory published: 2026-06-25
Advisory updated: 2026-06-28

Who should care

Administrators and users of K2 by Joomlaworks should be aware of this vulnerability. The vulnerability allows an unauthenticated attacker to delete files under `/media/k2/galleries/`. This could lead to data loss and potentially allow for further exploitation.

Technical summary

The K2 frontend `item.checkin` task accepts a `sigProFolder` query parameter without requiring authentication. The parameter is used directly in a `JFolder::delete()` call under `/media/k2/galleries/`, so the caller controls which gallery folder is deleted. The vulnerability has a CVSS score of 6.5, is classified as MEDIUM severity, and is related to CWE-862 (Missing Authorization). The affected product is K2 by Joomlaworks.

Defensive priority

High priority should be given to patching this vulnerability. Administrators should ensure that the patch is applied as soon as possible to prevent potential exploitation.

Recommended defensive actions

  • Apply the patch provided by Joomlaworks to fix the vulnerability.
  • Review and update the K2 configuration to ensure that the `item.checkin` task is properly secured.
  • Monitor the system for any suspicious activity related to the `sigProFolder` query parameter.
  • Consider implementing additional security measures to protect against potential exploitation.
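
One way to carry out the monitoring step above is to scan web server access logs for requests that carry the `sigProFolder` parameter. This is an added example, not code from Joomlaworks or the advisory; it assumes combined-format access logs and that the task arrives as a `task=item.checkin` query value, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client IP, request line and status from a combined-format access log entry.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def find_sigpro_requests(lines):
    """Return one finding per request whose query string carries sigProFolder."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request entry
        query = urlsplit(m["target"]).query
        # parse_qs percent-decodes names, so encoded spellings are caught too.
        params = {k.lower(): v
                  for k, v in parse_qs(query, keep_blank_values=True).items()}
        if "sigprofolder" not in params:
            continue
        # Assumption: the task is passed as task=item.checkin in the query string.
        tasks = [t.lower() for t in params.get("task", [])]
        findings.append({
            "ip": m["ip"],
            "status": int(m["status"]),
            "folder": params["sigprofolder"][0],
            "checkin_task": "item.checkin" in tasks,
        })
    return findings

# Constructed sample entries (documentation IP ranges, placeholder folder values).
SAMPLE_LOG = [
    '198.51.100.4 - - [26/Jun/2026:10:00:01 +0000] "GET /index.php?option=com_k2&view=item&id=5 HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [26/Jun/2026:10:01:02 +0000] "GET /index.php?option=com_k2&task=item.checkin&sigProFolder=constructed-value HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [26/Jun/2026:10:01:09 +0000] "GET /index.php?option=com_k2&task=item.checkin&%73igProFolder=constructed-2 HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.9 - - [26/Jun/2026:10:02:30 +0000] "GET /index.php?option=com_k2&sigProFolder= HTTP/1.1" 403 0 "-" "-"',
]

if __name__ == "__main__":
    for finding in find_sigpro_requests(SAMPLE_LOG):
        print(finding)
```

Parameters sent in a POST body do not appear in access logs, so this check only covers the query-string form the advisory describes.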

Evidence notes

The vulnerability was published on June 25, 2026, and modified on June 28, 2026. The CVSS score is 6.5, and the severity is MEDIUM. The vulnerability is related to CWE-862. The affected product is K2 by Joomlaworks.

Official resources

This article is AI-assisted and based on the supplied source corpus.