Skip to main content

PHP EUVD-2026-23700

| CVE-2026-6571 LOW
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-04-19 VulDB GHSA-p2wp-hfcj-f5jm
PHP Authentication Bypass
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

8
Severity Changed
Apr 29, 2026 - 01:12 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:12 NVD
5.3 (MEDIUM) 2.1 (LOW)
PoC Detected
Apr 29, 2026 - 01:00 vuln.today
Public exploit code
CVSS changed
Apr 19, 2026 - 12:22 NVD
6.3 (MEDIUM) 5.3 (MEDIUM)
Analysis Generated
Apr 19, 2026 - 12:19 vuln.today
EUVD ID Assigned
Apr 19, 2026 - 12:15 euvd
EUVD-2026-23700
Analysis Generated
Apr 19, 2026 - 12:15 vuln.today
CVE Published
Apr 19, 2026 - 12:00 nvd
LOW 2.1

DescriptionCVE.org

A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument group_role can lead to authorization bypass. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Kodcloud KodExplorer up to version 4.52 contains an authorization bypass vulnerability in the roleGroupAction function that allows authenticated remote attackers to manipulate the group_role parameter and gain unauthorized access to sensitive information and system modification capabilities. The vulnerability has a CVSS score of 6.3 with public exploit code available, and the vendor has not responded to early disclosure notifications, leaving deployed instances without official patching options.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Obtain valid user credentials
Delivery
Authenticate to KodExplorer
Exploit
Send crafted roleGroupAction request
Install
Manipulate group_role parameter
C2
Bypass authorization check
Execute
Escalate to admin role
Impact
Execute privileged operations
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated user account with at least basic login credentials-the vulnerability cannot be exploited by unauthenticated remote attackers. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The risk profile presents a moderate but concrete threat requiring immediate attention. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated regular user logs into a KodExplorer instance with standard file management permissions. The attacker crafts a malicious HTTP request to the roleGroupAction function, manipulating the group_role parameter to assign themselves to an administrative role group. …
Remediation Immediate action: Upgrade KodExplorer to a version newer than 4.52 if such a version has been released post-disclosure (verify directly from Kodcloud's official repository, as no patched version is confirmed in provided data). … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-49952 CRITICAL POC
9.3 Jun 15

Authentication bypass in Discuz! X5.0 releases 20260320 through 20260501 allows unauthenticated remote attackers to acce
CVE-2026-49954 HIGH POC
8.6 Jun 15

Authenticated remote code execution in Discuz! X5.0 releases 20260320 through 20260501 allows administrators to chain a

CVE-2026-49768 CRITICAL
9.8 Jun 15

Unauthenticated PHP Object Injection in the Happyforms WordPress plugin (versions <= 1.26.13) allows remote attackers to
CVE-2026-27053 CRITICAL
9.8 Jun 15

Unauthenticated PHP Object Injection in the Broadcast Live Video WordPress plugin (versions prior to 7.1.3) allows remot
CVE-2026-49104 CRITICAL
9.8 Jun 15

Unauthenticated PHP object injection in the WordPress plugin 'Integration for Keap/Infusionsoft and Contact Form 7, WPFo

Share

EUVD-2026-23700 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy