Improper Authorization in Collabora KodExplorer FileUpload Functionality
CVE-2026-6572

6.3MEDIUM

Key Information:

Vendor

Collabora

Status
Kodexplorer
Vendor
CVE Published:
19 April 2026

What is CVE-2026-6572?

A security vulnerability has been identified in Collabora KodExplorer, specifically affecting versions up to 4.52. This issue arises from a flaw in the fileUpload functionality within the share.class.php component, where improper authorization can be exploited. Malicious actors may conduct remote attacks by manipulating the fileUpload parameter, potentially leading to unauthorized access to sensitive files. While the complexity of the attack is considered high, the risk remains significant due to the potential for exploitation. Despite vendor notification regarding this vulnerability, there has been no acknowledgment or response.

Affected Version(s)

KodExplorer 4.0

KodExplorer 4.1

KodExplorer 4.2

References

https://vuldb.com/vuln/358206
vdb-entrytechnical-description
https://vuldb.com/vuln/358206/cti
signaturepermissions-required
https://vuldb.com/submit/789988
third-party-advisory

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

vulnplusbot (VulDB User)
VulDB CNA Team
.