CVE-2026-5482
CRITICALRemote Code Execution via Unrestricted File Upload in Responsive FileManager
Title source: cnaDescription
Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14.0
References (2)
Core 2
Core References
Third Party Advisory third-party-advisory
https://cert.pl/en/posts/2026/06/CVE-2026-5482
Product product
https://github.com/trippo/ResponsiveFilemanager
Scores
CVSS v4
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-434
Status
published
Products (1)
Tecrail/Responsive FileManager
< 9.14.0
Published
Jun 15, 2026
Tracked Since
Jun 15, 2026