Server-Side Request Forgery in kalcaddle kodbox by kalcaddle
CVE-2026-4589

5.3MEDIUM

Key Information:

Vendor: Kalcaddle
Status: Kodbox
Vendor: CVE Published:; 23 March 2026

What is CVE-2026-4589?

A security flaw has been found in kalcaddle kodbox version 1.64, specifically in the PathDriverUrl function located within the fileGet Endpoint. This vulnerability allows for server-side request forgery through manipulation of the path argument, posing a significant risk as it can be exploited remotely. Exploits for this vulnerability are publicly available, and attempts to notify the vendor have gone unanswered, further highlighting the urgency for users to address the potential threats posed by this issue.

Affected Version(s)

kodbox 1.64

References

https://vuldb.com/vuln/352425

vdb-entrytechnical-description

https://vuldb.com/vuln/352425/cti

signaturepermissions-required

https://vuldb.com/submit/775467

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 23, 2026
Vulnerability Reserved
Mar 22, 2026

Credit

vulnplusbot (VulDB User)

VulDB

CVE-2026-4589 Data

JSON