Is there a public PoC exploit available for CVE-2026-6572?

Yes, a public proof-of-concept exploit is available for CVE-2026-6572. Prioritise patching immediately. EPSS: 0.0%.

PHP CVE-2026-6572

Q: What is the CVSS score of CVE-2026-6572?

CVE-2026-6572 has a CVSS 4.0 base score of 2.9 (Low). CVSS vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-23702 LOW

Improper Authorization (CWE-285)

2026-04-19 VulDB

PHP Authentication Bypass

2.9

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:12 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:12 NVD

6.3 (MEDIUM) 2.9 (LOW)

PoC Detected

Apr 29, 2026 - 01:00 vuln.today

Public exploit code

CVSS changed

Apr 19, 2026 - 13:22 NVD

5.6 (MEDIUM) 6.3 (MEDIUM)

Analysis Generated

Apr 19, 2026 - 12:37 vuln.today

EUVD ID Assigned

Apr 19, 2026 - 12:30 euvd

EUVD-2026-23702

Analysis Generated

Apr 19, 2026 - 12:30 vuln.today

CVE Published

Apr 19, 2026 - 12:15 nvd

LOW 2.9

DescriptionNVD

A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUpload Endpoint. The manipulation of the argument fileUpload leads to improper authorization. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Improper authorization in Collabora KodExplorer up to version 4.52 allows remote unauthenticated attackers to bypass authentication via manipulation of the fileUpload parameter in the /app/controller/share.class.php endpoint, potentially enabling unauthorized file access or modification with low confidentiality, integrity, and availability impact. Publicly available exploit code exists; however, the attack requires high complexity and is described as difficult to execute in practice, limiting real-world exploitation despite public disclosure and vendor non-responsiveness.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-6572 vulnerability details – vuln.today

Back