DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2026-6568

High

Low Medium High Critical

7.3

CVSS Score

Published: Apr 19, 2026

Last Modified: Apr 19, 2026

CWE: CWE-22

Vulnerability Description

A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

References & Resources

Severity Details

7.3

out of 10.0

High

Weakness Type (CWE)

CWE-22 Top 25 #6

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can…
Exploit Likelihood: High
Typical Severity: High
OWASP Top 10: A01:2021-Broken Access Control
Abstraction Level: Base