Command Injection Vulnerability in kalcaddle Kodbox FileThumb Plugin
CVE-2026-8753

5.3MEDIUM

Key Information:

Vendor: Kalcaddle
Status: Kodbox
Vendor: CVE Published:; 17 May 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-8753?

A command injection vulnerability has been identified in the kalcaddle Kodbox fileThumb Plugin up to version 1.64. This flaw occurs within the parseVideoInfo function located in the VideoResize.class.php file. An attacker can exploit this vulnerability by manipulating the ffmpegBin argument, allowing for remote exploitation of the system. Despite earlier notifications to the vendor regarding this issue, no response has been recorded, highlighting the potential risk that users face if they continue to utilize this affected product.

Affected Version(s)

Kodbox 1.0

Kodbox 1.1

Kodbox 1.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-8753 - Proof of Concept

References

https://vuldb.com/vuln/364380

vdb-entrytechnical-description

https://vuldb.com/vuln/364380/cti

signaturepermissions-required

https://vuldb.com/submit/810109

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 17, 2026
👾
Exploit known to exist
May 17, 2026
Vulnerability published
May 17, 2026
Vulnerability Reserved
May 16, 2026

Credit

vulnplusbot (VulDB User)

VulDB CNA Team

CVE-2026-8753 Data

JSON

Kalcaddle