CVE-2026-5618

MEDIUM

kalcaddle kodbox shareMake/shareCheck server-side request forgery

Title source: cna

Description

A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake/shareCheck. Performing a manipulation of the argument siteFrom/siteTo results in server-side request forgery. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is reported as difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/355408

[Signature, Permissions Required] https://vuldb.com/vuln/355408/cti

[Third Party Advisory] https://vuldb.com/submit/785572

[Exploit] https://vulnplus-note.wetolink.com/share/3VtzyzYgcS4b

Scores

CVSS v3 5.6

EPSS 0.0005

EPSS Percentile 15.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (50)

kalcaddle/kodbox 1.0

kalcaddle/kodbox 1.1

kalcaddle/kodbox 1.10

kalcaddle/kodbox 1.11

kalcaddle/kodbox 1.12

kalcaddle/kodbox 1.13

kalcaddle/kodbox 1.14

kalcaddle/kodbox 1.15

kalcaddle/kodbox 1.16

kalcaddle/kodbox 1.17

... and 40 more

Published Apr 06, 2026

Tracked Since Apr 06, 2026