CVE-2026-6572

Summary

A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUpload Endpoint. The manipulation of the argument fileUpload leads to improper authorization. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
CollaboraKodExplorer4.0affected
CollaboraKodExplorer4.1affected
CollaboraKodExplorer4.2affected
CollaboraKodExplorer4.3affected
CollaboraKodExplorer4.4affected
CollaboraKodExplorer4.5affected
CollaboraKodExplorer4.6affected
CollaboraKodExplorer4.7affected
CollaboraKodExplorer4.8affected
CollaboraKodExplorer4.9affected
CollaboraKodExplorer4.10affected
CollaboraKodExplorer4.11affected
CollaboraKodExplorer4.12affected
CollaboraKodExplorer4.13affected
CollaboraKodExplorer4.14affected
CollaboraKodExplorer4.15affected
CollaboraKodExplorer4.16affected
CollaboraKodExplorer4.17affected
CollaboraKodExplorer4.18affected
CollaboraKodExplorer4.19affected
CollaboraKodExplorer4.20affected
CollaboraKodExplorer4.21affected
CollaboraKodExplorer4.22affected
CollaboraKodExplorer4.23affected
CollaboraKodExplorer4.24affected
CollaboraKodExplorer4.25affected
CollaboraKodExplorer4.26affected
CollaboraKodExplorer4.27affected
CollaboraKodExplorer4.28affected
CollaboraKodExplorer4.29affected
CollaboraKodExplorer4.30affected
CollaboraKodExplorer4.31affected
CollaboraKodExplorer4.32affected
CollaboraKodExplorer4.33affected
CollaboraKodExplorer4.34affected
CollaboraKodExplorer4.35affected
CollaboraKodExplorer4.36affected
CollaboraKodExplorer4.37affected
CollaboraKodExplorer4.38affected
CollaboraKodExplorer4.39affected
CollaboraKodExplorer4.40affected
CollaboraKodExplorer4.41affected
CollaboraKodExplorer4.42affected
CollaboraKodExplorer4.43affected
CollaboraKodExplorer4.44affected
CollaboraKodExplorer4.45affected
CollaboraKodExplorer4.46affected
CollaboraKodExplorer4.47affected
CollaboraKodExplorer4.48affected
CollaboraKodExplorer4.49affected
CollaboraKodExplorer4.50affected
CollaboraKodExplorer4.51affected
CollaboraKodExplorer4.52affected

Weaknesses

  • CWE-285: Improper Authorization
  • CWE-266: Incorrect Privilege Assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References