CVE-2026-4591 | kalcaddle kodbox 1.64 fileThumb Endpoint app.php checkBin os command injection

Inserito da Angelo Barbosa | Mar 22, 2026 | CVE

A vulnerability was found in kalcaddle kodbox 1.64 and classified as critical. This affects the function checkBin of the file /workspace/source-code/plugins/fileThumb/app.php of the component fileThumb Endpoint. Executing a manipulation can lead to os command injection.

This vulnerability is handled as CVE-2026-4591. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4591 | kalcaddle kodbox 1.64 fileThumb Endpoint app.php checkBin os command injection

Post correlati

CVE-2021-47289 | Linux Kernel up to 5.4.138/5.10.56/5.13.5 ACPI for_each_acpi_dev_match null pointer dereference

CVE-2024-23172 | MediaWiki up to 1.35.13/1.39.5/1.40.1 CheckUser Extension SpecialCheckUserLog cross site scripting

CVE-2025-5897 | vuejs vue-cli up to 5.0.8 Markdown Code HtmlPwaPlugin.js HtmlPwaPlugin redos (ID 7478)

CVE-2024-13197 | donglight bookstore电商书城系统说明 1.0.0 AdminUserControlle.java updateUser cross site scripting