CVE-2026-48942
MEDIUM
NVD
CVSS Score
6.1
Severity
MEDIUM
Published
Jun 25, 2026
Vendor
unknown
Description
K2 โค 2.26 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping.