Description
A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument group_role can lead to authorization bypass. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-19
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Authorization Bypass (Privilege Escalation)
Action: Assess Impact
AI Analysis

Impact

A weakness in the roleGroupAction function of kodcloud KodExplorer allows an attacker to manipulate the group_role argument to bypass normal authorization checks. This enables the attacker to execute actions that should only be available to privileged users or to modify group permissions remotely.

Affected Systems

Kodcloud KodExplorer versions up to and including 4.52 are affected. No patch or fix has been released by the vendor at this time and the vulnerability is present in all mentioned versions.

Risk and Exploitability

The CVSS score of 5.3 indicates medium severity. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack may be launched remotely by submitting a crafted request that includes a manipulated group_role parameter. The likely attack vector is the web interface or an API that exposes the roleGroupAction endpoint, and the exploit has already been made publicly available.

Generated by OpenCVE AI on April 19, 2026 at 13:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify the KodExplorer deployment version; versions 4.52 or earlier are potentially affected.
  • Consult the vendor’s website or security advisories for a patch or statement; if no fix exists, plan to upgrade to a supported version that eliminates the authorization flaw.
  • Restrict the roleGroupAction endpoint by applying application-level access control so that only trusted administrative users can modify group_role, or implement web application firewall rules to block or log requests containing unauthorized group_role parameters.

Advisories

No advisories yet.

History

Sun, 19 Apr 2026 12:15:00 +0000

Values added in this change (the Values Removed column is empty):

Description: A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument group_role can lead to authorization bypass. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Title: kodcloud KodExplorer systemRole.class.php roleGroupAction authorization
First Time appeared: Kodcloud; Kodcloud kodexplorer
Weaknesses: CWE-285; CWE-639
CPEs: cpe:2.3:a:kodcloud:kodexplorer:*:*:*:*:*:*:*:*
Vendors & Products: Kodcloud; Kodcloud kodexplorer
References
Metrics:
cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-19T12:00:17.810Z

Reserved: 2026-04-18T19:07:03.225Z

Link: CVE-2026-6571

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-19T12:16:33.607

Modified: 2026-04-19T12:16:33.607

Link: CVE-2026-6571

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-19T16:15:25Z

Weaknesses