Cross-Site Request Forgery Flaw in kalcaddle kodbox Product
CVE-2026-4590

2.3LOW

Key Information:

Vendor

Kalcaddle

Status
Kodbox
Vendor
CVE Published:
23 March 2026

What is CVE-2026-4590?

A security flaw has been identified in kalcaddle kodbox version 1.64, specifically within the loginSubmit API component. This flaw stems from an inadequate handling of the argument 'third' in the /workspace/source-code/plugins/oauth/controller/bind/index.class.php file. The vulnerability allows for cross-site request forgery (CSRF), enabling potential remote exploitation. Despite a high complexity required for executing an attack, the threat remains significant due to the public release of the exploit. The vendor has been notified of this security issue but has not provided any response.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

kodbox 1.64

References

https://vuldb.com/?id.352426
vdb-entrytechnical-description
https://vuldb.com/?ctiid.352426
signaturepermissions-required
https://vuldb.com/?submit.775469
third-party-advisory

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

vulnplusbot (VulDB User)
VulDB
JSON
.