CVE-2026-6569

HIGH

kodcloud KodExplorer fileGet Endpoint share.class.php improper authentication

Title source: cna

Description

A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of the argument fileUrl leads to improper authentication. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/358203

[Signature, Permissions Required] https://vuldb.com/vuln/358203/cti

[Third Party Advisory] https://vuldb.com/submit/789982

[Broken Link] https://vulnplus-note.wetolink.com/share/wgfZR6kXRApl

Scores

CVSS v3 7.3

EPSS 0.0010

EPSS Percentile 26.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-287

Status published

Products (50)

kodcloud/KodExplorer 4.0

kodcloud/KodExplorer 4.1

kodcloud/KodExplorer 4.10

kodcloud/KodExplorer 4.11

kodcloud/KodExplorer 4.12

kodcloud/KodExplorer 4.13

kodcloud/KodExplorer 4.14

kodcloud/KodExplorer 4.15

kodcloud/KodExplorer 4.16

kodcloud/KodExplorer 4.17

... and 40 more

Published Apr 19, 2026

Tracked Since Apr 19, 2026