CVE-2026-4592 | kalcaddle kodbox 1.64 Password Login index.class.php loginAfter/tfaVerify improper authentication

A vulnerability was found in kalcaddle kodbox 1.64. It has been classified as critical. This impacts the function loginAfter/tfaVerify of the file /workspace/source-code/plugins/client/controller/tfa/index.class.php of the component Password Login. The manipulation leads to improper authentication.

This vulnerability is uniquely identified as CVE-2026-4592. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4592 | kalcaddle kodbox 1.64 Password Login index.class.php loginAfter/tfaVerify improper authentication

Post correlati

CVE-2022-50322 | Linux Kernel up to 6.0.16/6.1.2 msc313_rtc_probe control flow

CVE-2024-39791 | Vonets VGA-1000 up to 3.3.23.6.9 stack-based overflow (icsa-24-214-08)

CVE-2025-0868 | Arc53 DocsGPT up to 0.12.0 JSON Data Parser /api/remote eval command injection

CVE-2024-34001 | Moodle Admin Preset Tool Management cross-site request forgery