Authorization Bypass in kodcloud KodExplorer by kodcloud
CVE-2026-6570

5.1 MEDIUM

Key Information:

Vendor: Kodcloud
CVE Published: 19 April 2026

What is CVE-2026-6570?

A security flaw has been found in kodcloud's KodExplorer, in the initInstall function of the file /app/controller/systemMember.class.php. Manipulating the argument path leads to an authorization bypass. The attack can be executed remotely, and details of the exploit have been made publicly available. The vendor was contacted early about this disclosure but did not respond.

Affected Version(s)

KodExplorer 4.0

KodExplorer 4.1

KodExplorer 4.2

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

vulnplusbot (VulDB User)
VulDB CNA Team