EUVD-2026-23695
GHSA-9782-qgv6-6p8g
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionNVD
A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of the argument fileUrl leads to improper authentication. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Improper authentication in kodcloud KodExplorer versions up to 4.52 allows unauthenticated remote attackers to bypass access controls via the fileGet endpoint. The vulnerability resides in the fileGet function within /app/controller/share.class.php, exploitable by manipulating the fileUrl parameter. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory all KodExplorer instances and identify current versions in use; restrict network access to KodExplorer servers via firewall rules to trusted IP ranges only. Within 7 days: Evaluate upgrade feasibility to versions above 4.52 if vendor releases a patched version, or plan migration to alternative file management solutions; implement Web Application Firewall (WAF) rules to block suspicious fileGet requests with manipulated fileUrl parameters. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today