Skip to main content

PHP CVE-2026-6572

| EUVDEUVD-2026-23702 LOW
Improper Authorization (CWE-285)
2026-04-19 VulDB
2.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.9 LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

8
Severity Changed
Apr 29, 2026 - 01:12 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:12 NVD
6.3 (MEDIUM) 2.9 (LOW)
PoC Detected
Apr 29, 2026 - 01:00 vuln.today
Public exploit code
CVSS changed
Apr 19, 2026 - 13:22 NVD
5.6 (MEDIUM) 6.3 (MEDIUM)
Analysis Generated
Apr 19, 2026 - 12:37 vuln.today
EUVD ID Assigned
Apr 19, 2026 - 12:30 euvd
EUVD-2026-23702
Analysis Generated
Apr 19, 2026 - 12:30 vuln.today
CVE Published
Apr 19, 2026 - 12:15 nvd
LOW 2.9

DescriptionCVE.org

A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUpload Endpoint. The manipulation of the argument fileUpload leads to improper authorization. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Improper authorization in Collabora KodExplorer up to version 4.52 allows remote unauthenticated attackers to bypass authentication via manipulation of the fileUpload parameter in the /app/controller/share.class.php endpoint, potentially enabling unauthorized file access or modification with low confidentiality, integrity, and availability impact. Publicly available exploit code exists; however, the attack requires high complexity and is described as difficult to execute in practice, limiting real-world exploitation despite public disclosure and vendor non-responsiveness.

Technical ContextAI

The vulnerability exists in the fileUpload Endpoint handler within Collabora KodExplorer's share.class.php controller module. CWE-285 (Improper Authorization) indicates the root cause is a failure to properly validate or enforce access controls on file operations, likely in the file upload mechanism. The attack vector is network-based against a PHP-based web application. The CPE string cpe:2.3:a:collabora:kodexplorer:*:*:*:*:*:*:*:* indicates the vulnerability affects all versions up to and including 4.52, with no lower-bound version explicitly stated. The manipulation of the fileUpload argument suggests attackers can send specially crafted requests to the endpoint to bypass authentication checks that should restrict who can upload or share files.

RemediationAI

Upgrade Collabora KodExplorer to a version higher than 4.52 if a patched release is available from the vendor; however, no patched version has been independently confirmed at the time of this analysis, and the vendor has not responded to early disclosure. As a compensating control, disable or restrict access to the /app/controller/share.class.php endpoint at the web server level (e.g., via .htaccess or nginx location blocks) if file sharing functionality is not required, or implement network-level access controls to limit exposure to trusted IP ranges only. Apply strict input validation on the fileUpload parameter to reject unexpected or malformed values before the endpoint processes them. Additionally, implement explicit authentication checks prior to any file operation, ensuring that the fileUpload handler re-validates user identity and permission to share files, rather than relying on implicit authorization. Monitor server logs for requests to /app/controller/share.class.php with suspicious fileUpload argument values. Contact Collabora for an official security update or workaround, emphasizing the public availability of exploit code.

More in PHP

View all
CVE-2012-1823 CRITICAL POC
9.8 May 11

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not

CVE-2016-1555 CRITICAL POC
9.8 Apr 21

(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear

CVE-2024-11680 CRITICAL POC
9.8 Nov 26

ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Rated critical severity (C

CVE-2025-49113 CRITICAL POC
9.9 Jun 02

Roundcube Webmail contains a critical PHP object deserialization vulnerability (CVE-2025-49113, CVSS 9.9) that allows au

CVE-2017-9841 CRITICAL POC
9.8 Jun 27

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c

CVE-2025-0108 HIGH POC
8.8 Feb 12

Palo Alto Networks PAN-OS management web interface contains an authentication bypass allowing unauthenticated attackers

CVE-2021-25298 HIGH POC
8.8 Feb 15

Nagios XI version xi-5.7.5 is affected by OS command injection. Rated high severity (CVSS 8.8), this vulnerability is re

CVE-2021-25296 HIGH POC
8.8 Feb 15

Nagios XI version xi-5.7.5 is affected by OS command injection. Rated high severity (CVSS 8.8), this vulnerability is re

CVE-2013-4983 CRITICAL POC
10.0 Sep 10

The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows

CVE-2023-6553 CRITICAL POC
9.8 Dec 15

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1

CVE-2024-46506 CRITICAL POC
10.0 May 13

NetAlertX (formerly PiAlert) versions 23.01.14 through 24.x before 24.10.12 allow unauthenticated command injection thro

CVE-2024-8353 CRITICAL POC
9.8 Sep 28

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all

Share

CVE-2026-6572 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy