CVE-2026-8753

Summary

A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.php of the component fileThumb Plugin. The manipulation of the argument ffmpegBin leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
kalcaddleKodbox1.0affected
kalcaddleKodbox1.1affected
kalcaddleKodbox1.2affected
kalcaddleKodbox1.3affected
kalcaddleKodbox1.4affected
kalcaddleKodbox1.5affected
kalcaddleKodbox1.6affected
kalcaddleKodbox1.7affected
kalcaddleKodbox1.8affected
kalcaddleKodbox1.9affected
kalcaddleKodbox1.10affected
kalcaddleKodbox1.11affected
kalcaddleKodbox1.12affected
kalcaddleKodbox1.13affected
kalcaddleKodbox1.14affected
kalcaddleKodbox1.15affected
kalcaddleKodbox1.16affected
kalcaddleKodbox1.17affected
kalcaddleKodbox1.18affected
kalcaddleKodbox1.19affected
kalcaddleKodbox1.20affected
kalcaddleKodbox1.21affected
kalcaddleKodbox1.22affected
kalcaddleKodbox1.23affected
kalcaddleKodbox1.24affected
kalcaddleKodbox1.25affected
kalcaddleKodbox1.26affected
kalcaddleKodbox1.27affected
kalcaddleKodbox1.28affected
kalcaddleKodbox1.29affected
kalcaddleKodbox1.30affected
kalcaddleKodbox1.31affected
kalcaddleKodbox1.32affected
kalcaddleKodbox1.33affected
kalcaddleKodbox1.34affected
kalcaddleKodbox1.35affected
kalcaddleKodbox1.36affected
kalcaddleKodbox1.37affected
kalcaddleKodbox1.38affected
kalcaddleKodbox1.39affected
kalcaddleKodbox1.40affected
kalcaddleKodbox1.41affected
kalcaddleKodbox1.42affected
kalcaddleKodbox1.43affected
kalcaddleKodbox1.44affected
kalcaddleKodbox1.45affected
kalcaddleKodbox1.46affected
kalcaddleKodbox1.47affected
kalcaddleKodbox1.48affected
kalcaddleKodbox1.49affected
kalcaddleKodbox1.50affected
kalcaddleKodbox1.51affected
kalcaddleKodbox1.52affected
kalcaddleKodbox1.53affected
kalcaddleKodbox1.54affected
kalcaddleKodbox1.55affected
kalcaddleKodbox1.56affected
kalcaddleKodbox1.57affected
kalcaddleKodbox1.58affected
kalcaddleKodbox1.59affected
kalcaddleKodbox1.60affected
kalcaddleKodbox1.61affected
kalcaddleKodbox1.62affected
kalcaddleKodbox1.63affected
kalcaddleKodbox1.64affected

Weaknesses

  • CWE-77: Command Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References