Authorization Bypass in Kodcloud KodExplorer by kodcloud
CVE-2026-6571

5.3 MEDIUM

Key Information:

Vendor

Kodcloud

CVE Published:
19 April 2026

What is CVE-2026-6571?

A security flaw exists in Kodcloud KodExplorer, in the roleGroupAction function located in /app/controller/systemRole.class.php. Improper handling of the group_role argument allows remote attackers to bypass authorization mechanisms. An exploit is publicly available, which poses significant risks to affected systems. The vendor was notified early about this issue but has not responded or released a patch.

Affected Version(s)

KodExplorer 4.0

KodExplorer 4.1

KodExplorer 4.2

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

vulnplusbot (VulDB User)
VulDB CNA Team