Which versions of PHP are affected by CVE-2026-6568?

CVE-2026-6568 is a critical path traversal vulnerability in KodExplorer versions 4.52 and earlier that allows unauthenticated attackers to access unauthorized files through the public share feature,…

Is there a public PoC exploit available for CVE-2026-6568?

Yes, a public proof-of-concept exploit is available for CVE-2026-6568. Prioritise patching immediately. EPSS: 0.1%.

PHP CVE-2026-6568

Q: What is the CVSS score of CVE-2026-6568?

CVE-2026-6568 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-23694 MEDIUM

Path Traversal (CWE-22)

2026-04-19 VulDB

PHP Path Traversal

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:12 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

PoC Detected

Apr 29, 2026 - 01:00 vuln.today

Public exploit code

Severity Changed

Apr 19, 2026 - 10:22 NVD

HIGH MEDIUM

CVSS changed

Apr 19, 2026 - 10:22 NVD

7.3 (HIGH) 6.9 (MEDIUM)

Analysis Generated

Apr 19, 2026 - 10:18 vuln.today

EUVD ID Assigned

Apr 19, 2026 - 10:15 euvd

EUVD-2026-23694

Analysis Generated

Apr 19, 2026 - 10:15 vuln.today

CVE Published

Apr 19, 2026 - 09:45 nvd

MEDIUM 5.5

DescriptionNVD

A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Path traversal in kodcloud KodExplorer 4.52 and earlier allows unauthenticated remote attackers to access unauthorized files via the public share handler's path parameter. The vulnerability has publicly available exploit code (EPSS data not provided, not listed in CISA KEV). …

RemediationAI

Within 24 hours: Identify all systems running KodExplorer 4.52 or earlier via network inventory and audit access logs for suspicious path traversal patterns (look for ../ sequences in public share handler requests). Within 7 days: Immediately isolate or air-gap affected KodExplorer instances from production networks, migrate critical file sharing functionality to patched alternatives (consider Nextcloud 28+, Seafile 11+, or other maintained solutions), and preserve forensic logs. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-6568 vulnerability details – vuln.today

Back

PHP CVE-2026-6568

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code