Path Traversal Vulnerability in Kodcloud KodExplorer Affecting Public Share Functionality
CVE-2026-6568

6.9MEDIUM

Key Information:

Vendor

Kodcloud

Status
Kodexplorer
Vendor
CVE Published:
19 April 2026

What is CVE-2026-6568?

A vulnerability exists in Kodcloud KodExplorer versions up to 4.52, specifically in the Public Share Handler's initShareOld function within share.class.php. This weakness is due to improper handling of the argument path, allowing an attacker to perform path traversal attacks. Such an exploit can be executed remotely, potentially enabling unauthorized access to file system directories. Despite early disclosure efforts to inform the vendor, there has been no response or remediation provided.

Affected Version(s)

KodExplorer 4.0

KodExplorer 4.1

KodExplorer 4.2

References

https://vuldb.com/vuln/358202
vdb-entrytechnical-description
https://vuldb.com/vuln/358202/cti
signaturepermissions-required
https://vuldb.com/submit/789981
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

vulnplusbot (VulDB User)
VulDB CNA Team
.