Cross-Site Request Forgery Flaw in kalcaddle kodbox Product
CVE-2026-4590

2.3LOW

Key Information:

Vendor: Kalcaddle
Status: Kodbox
Vendor: CVE Published:; 23 March 2026

What is CVE-2026-4590?

A security flaw has been identified in kalcaddle kodbox version 1.64, specifically within the loginSubmit API component. This flaw stems from an inadequate handling of the argument 'third' in the /workspace/source-code/plugins/oauth/controller/bind/index.class.php file. The vulnerability allows for cross-site request forgery (CSRF), enabling potential remote exploitation. Despite a high complexity required for executing an attack, the threat remains significant due to the public release of the exploit. The vendor has been notified of this security issue but has not provided any response.

Affected Version(s)

kodbox 1.64

References

https://vuldb.com/?id.352426

vdb-entrytechnical-description

https://vuldb.com/?ctiid.352426

signaturepermissions-required

https://vuldb.com/?submit.775469

third-party-advisory

CVSS V4

Score:

2.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 23, 2026
Vulnerability Reserved
Mar 22, 2026

Credit

vulnplusbot (VulDB User)

VulDB

CVE-2026-4590 Data

JSON

Kalcaddle

What is CVE-2026-4590?

Affected Version(s)

References

CVSS V4

Timeline

Credit