CVE-2026-6569

Summary

A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of the argument fileUrl leads to improper authentication. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
kodcloudKodExplorer4.0affected
kodcloudKodExplorer4.1affected
kodcloudKodExplorer4.2affected
kodcloudKodExplorer4.3affected
kodcloudKodExplorer4.4affected
kodcloudKodExplorer4.5affected
kodcloudKodExplorer4.6affected
kodcloudKodExplorer4.7affected
kodcloudKodExplorer4.8affected
kodcloudKodExplorer4.9affected
kodcloudKodExplorer4.10affected
kodcloudKodExplorer4.11affected
kodcloudKodExplorer4.12affected
kodcloudKodExplorer4.13affected
kodcloudKodExplorer4.14affected
kodcloudKodExplorer4.15affected
kodcloudKodExplorer4.16affected
kodcloudKodExplorer4.17affected
kodcloudKodExplorer4.18affected
kodcloudKodExplorer4.19affected
kodcloudKodExplorer4.20affected
kodcloudKodExplorer4.21affected
kodcloudKodExplorer4.22affected
kodcloudKodExplorer4.23affected
kodcloudKodExplorer4.24affected
kodcloudKodExplorer4.25affected
kodcloudKodExplorer4.26affected
kodcloudKodExplorer4.27affected
kodcloudKodExplorer4.28affected
kodcloudKodExplorer4.29affected
kodcloudKodExplorer4.30affected
kodcloudKodExplorer4.31affected
kodcloudKodExplorer4.32affected
kodcloudKodExplorer4.33affected
kodcloudKodExplorer4.34affected
kodcloudKodExplorer4.35affected
kodcloudKodExplorer4.36affected
kodcloudKodExplorer4.37affected
kodcloudKodExplorer4.38affected
kodcloudKodExplorer4.39affected
kodcloudKodExplorer4.40affected
kodcloudKodExplorer4.41affected
kodcloudKodExplorer4.42affected
kodcloudKodExplorer4.43affected
kodcloudKodExplorer4.44affected
kodcloudKodExplorer4.45affected
kodcloudKodExplorer4.46affected
kodcloudKodExplorer4.47affected
kodcloudKodExplorer4.48affected
kodcloudKodExplorer4.49affected
kodcloudKodExplorer4.50affected
kodcloudKodExplorer4.51affected
kodcloudKodExplorer4.52affected

Weaknesses

  • CWE-287: Improper Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References