What is CVE-2026-48941?

CVE-2026-48941 is a medium-severity vulnerability in Getk2.com K2 Extension For Joomla, classified under Missing Authorization. CVSS score: 6.5/10. Published 2026-06-25.

How severe is CVE-2026-48941?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Auth bypass in Getk2.com K2 Extension For Joomla

CVE-2026-48941

The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and uses it directly to address a `JFolder::delete()` call under `/media/k2/galleries/`

Vulnerability class: Broken Access Control

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.

Affected products

Getk2.com K2 Extension For Joomla — versions 1.0-2.26

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

security@joomla.org (product)

Frequently asked questions

What is CVE-2026-48941?: CVE-2026-48941 is a medium-severity vulnerability in Getk2.com K2 Extension For Joomla, classified under Missing Authorization. CVSS score: 6.5/10. Published 2026-06-25.
How severe is CVE-2026-48941?: Medium severity. CVSS v3 base score is 6.5 out of 10.