DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2026-6569

High

Low Medium High Critical

7.3

CVSS Score

Published: Apr 19, 2026

Last Modified: Apr 19, 2026

CWE: CWE-287

Vulnerability Description

A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of the argument fileUrl leads to improper authentication. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

References & Resources

Severity Details

7.3

out of 10.0

High

Weakness Type (CWE)

CWE-287 Top 25 #10

Improper Authentication

Description: When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Exploit Likelihood: High
Typical Severity: High
OWASP Top 10: A07:2021-Identification/Auth Failures
Abstraction Level: Class