CVE-2026-6572 - Vulnerability Details

- Collabora KodExplorer fileUpload Endpoint share.class.php improper authorization

Description

A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUpload Endpoint. The manipulation of the argument fileUpload leads to improper authorization. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-04-19

Score: 6.3 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A security flaw in Collabora KodExplorer, discovered in the file /app/controller/share.class.php on the fileUpload Endpoint, allows an attacker to manipulate the fileUpload argument and bypass authorization checks. This improper authorization can lead to remote exploitation, enabling an attacker to gain unauthorized access to functionality or data that should otherwise be protected. The vulnerability is classified as having a high attack complexity and is noted to be difficult to exploit, but the fact that remote exploitation is possible raises significant concern.

Affected Systems

Collabora KodExplorer versions up to 4.52 are potentially affected. All deployments of KodExplorer relying on the share.class.php based fileUpload Endpoint in these versions are at risk until the flaw is remediated.

Risk and Exploitability

The CVSS score of 6.3 indicates moderate severity, and the EPSS score is currently unavailable, which does not provide a clear picture of exploitation likelihood. The vulnerability is not listed in the CISA KEV catalog. Remote attackers could exploit the flaw by sending crafted requests to the fileUpload Endpoint, although the high attack complexity and difficulty suggest that it would not be trivially abused. Nevertheless, the potential for unauthorized access warrants prompt attention.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Collabora

KodExplorer

affected

Version	Status	Constraints
`4.0`	affected	—
`4.1`	affected	—
`4.2`	affected	—
`4.3`	affected	—
`4.4`	affected	—
`4.5`	affected	—
`4.6`	affected	—
`4.7`	affected	—
`4.8`	affected	—
`4.9`	affected	—
`4.10`	affected	—
`4.11`	affected	—
`4.12`	affected	—
`4.13`	affected	—
`4.14`	affected	—
`4.15`	affected	—
`4.16`	affected	—
`4.17`	affected	—
`4.18`	affected	—
`4.19`	affected	—
`4.20`	affected	—
`4.21`	affected	—
`4.22`	affected	—
`4.23`	affected	—
`4.24`	affected	—
`4.25`	affected	—
`4.26`	affected	—
`4.27`	affected	—
`4.28`	affected	—
`4.29`	affected	—
`4.30`	affected	—
`4.31`	affected	—
`4.32`	affected	—
`4.33`	affected	—
`4.34`	affected	—
`4.35`	affected	—
`4.36`	affected	—
`4.37`	affected	—
`4.38`	affected	—
`4.39`	affected	—
`4.40`	affected	—
`4.41`	affected	—
`4.42`	affected	—
`4.43`	affected	—
`4.44`	affected	—
`4.45`	affected	—
`4.46`	affected	—
`4.47`	affected	—
`4.48`	affected	—
`4.49`	affected	—
`4.50`	affected	—
`4.51`	affected	—
`4.52`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest vendor patch or upgrade to a version newer than 4.52 that contains the fix for the improper authorization issue in the fileUpload Endpoint.
If an immediate update is not feasible, restrict access to the fileUpload Endpoint at the web‑server or firewall level so that only trusted IP ranges or authenticated sessions can reach it.
Conduct an access‑control review for the share.class.php controller, ensuring that proper role checks are enforced, and monitor logs for any anomalous fileUpload requests.

Generated by OpenCVE AI on April 19, 2026 at 13:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://vuldb.com/submit/789988
https://vuldb.com/vuln/358206
https://vuldb.com/vuln/358206/cti
https://vulnplus-note.wetolink.com/share/PLCI4v0BWaF8

History

Sun, 19 Apr 2026 12:30:00 +0000

Type	Values Removed	Values Added
Description		A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUpload Endpoint. The manipulation of the argument fileUpload leads to improper authorization. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title		Collabora KodExplorer fileUpload Endpoint share.class.php improper authorization
Weaknesses		CWE-266 CWE-285
References		https://vuldb.com/submit/789988 https://vuldb.com/vuln/358206 https://vuldb.com/vuln/358206/cti https://vulnplus-note.wetolink.com/share/PLCI4v0BWaF8
Metrics		cvssV2_0 `{'score': 5.1, 'vector': 'AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 5.6, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 5.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-04-19T12:15:14.167Z

Updated: 2026-04-19T12:15:14.167Z

Reserved: 2026-04-18T19:07:07.145Z

Link: CVE-2026-6572

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-19T13:16:45.650

Modified: 2026-04-19T13:16:45.650

Link: CVE-2026-6572

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-19T13:30:27Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object