📄 الوصف (الإنجليزية)
A vulnerability was identified in kalcaddle kodbox 1.64. The affected element is the function PathDriverUrl of the file /workspace/source-code/app/controller/explorer/editor.class.php of the component fileGet Endpoint. Such manipulation of the argument path leads to server-side request forgery. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
🤖 ملخص AI
CVE-2026-4589 is a Server-Side Request Forgery (SSRF) vulnerability in Kodbox 1.64 affecting the PathDriverUrl function in the editor component. With a CVSS score of 6.3 and publicly available exploit code, this vulnerability allows remote attackers to manipulate file paths and potentially access internal resources, exfiltrate data, or pivot to backend systems. The vendor's non-responsiveness and lack of available patches elevate the urgency for affected Saudi organizations.
📄 الوصف (العربية)
🤖 التحليل الذكي آخر تحليل: May 17, 2026 19:36
🇸🇦 التأثير على المملكة العربية السعودية
This vulnerability poses significant risk to Saudi government entities, educational institutions, and enterprises using Kodbox for document management and file sharing. Government agencies under NCA oversight, universities managing research data, and healthcare facilities storing patient records are particularly vulnerable. The SSRF nature allows attackers to bypass network segmentation, potentially accessing internal SAMA banking systems, NCA infrastructure, or sensitive government databases. Organizations in the energy sector using Kodbox for project documentation face risks of intellectual property theft and operational disruption.
🏢 القطاعات السعودية المتأثرة
Government
Education
Healthcare
Banking
Energy
Telecommunications
Enterprise Document Management
🎯 تقنيات MITRE ATT&CK
⚖️ درجة المخاطر السعودية (AI)
7.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all instances of Kodbox 1.64 in your environment using network scanning and asset inventory tools
2. Isolate affected Kodbox instances from direct internet access; implement network segmentation and WAF rules
3. Review access logs for suspicious PathDriverUrl requests containing file:// or internal IP addresses
4. Disable the fileGet endpoint if not operationally critical
PATCHING GUIDANCE:
1. Contact Kodbox vendor for security updates or consider alternative file management solutions
2. Monitor vendor security advisories and VulDB for patch releases
3. Implement a vendor communication escalation process for critical vulnerabilities
COMPENSATING CONTROLS:
1. Deploy Web Application Firewall (WAF) rules to block requests containing path traversal patterns (../, file://, http://, https://) in the path parameter
2. Implement strict input validation: whitelist allowed file paths and reject any requests deviating from expected patterns
3. Restrict outbound connections from Kodbox servers using firewall rules; block access to internal IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
4. Enable detailed logging and alerting for all fileGet endpoint requests
5. Implement network-level monitoring to detect SSRF attempts
DETECTION RULES:
1. Alert on requests to /workspace/source-code/app/controller/explorer/editor.class.php with path parameter containing: file://, http://, https://, localhost, 127.0.0.1, or internal IP ranges
2. Monitor for unusual outbound connections from Kodbox server processes
3. Track failed authentication attempts to internal services originating from Kodbox
4. Log all PathDriverUrl function calls with parameter values for forensic analysis
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع نسخ Kodbox 1.64 في بيئتك باستخدام أدوات المسح والجرد
2. عزل نسخ Kodbox المتأثرة عن الوصول المباشر للإنترنت؛ تطبيق تقسيم الشبكة وقواعد WAF
3. مراجعة سجلات الوصول للطلبات المريبة التي تحتوي على عناوين IP داخلية
4. تعطيل نقطة نهاية fileGet إذا لم تكن حرجة تشغيليًا
إرشادات التصحيح:
1. التواصل مع بائع Kodbox للحصول على تحديثات أمان أو النظر في حلول بديلة
2. مراقبة إشعارات أمان البائع والإصدارات الجديدة
3. تطبيق عملية تصعيد للتواصل مع البائع للثغرات الحرجة
الضوابط البديلة:
1. نشر قواعد WAF لحجب الطلبات التي تحتوي على أنماط traversal
2. تطبيق التحقق الصارم من المدخلات: قائمة بيضاء للمسارات المسموحة
3. تقييد الاتصالات الصادرة من خوادم Kodbox
4. تفعيل السجلات التفصيلية والتنبيهات
5. مراقبة على مستوى الشبكة لكشف محاولات SSRF
📋 خريطة الامتثال التنظيمي
🟢 NCA ECC 2024
ECC 2024 A.14.2.1 - Information security requirements in supplier relationships
ECC 2024 A.14.2.5 - Addressing information security in supplier agreements
ECC 2024 A.13.1.3 - Segregation of networks
ECC 2024 A.14.1.1 - Information security incident management procedures
🔵 SAMA CSF
SAMA CSF ID.BE-3 - Organizational roles, responsibilities, and authorities
SAMA CSF PR.AC-3 - Access control and management
SAMA CSF PR.DS-1 - Data security and protection
SAMA CSF DE.CM-1 - Detection and monitoring of anomalous activity
🟡 ISO 27001:2022
ISO 27001:2022 A.5.23 - Information security for supplier relationships
ISO 27001:2022 A.8.1 - User endpoint devices
ISO 27001:2022 A.8.3 - Access control
ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Security patches and updates
PCI DSS 6.5.1 - Injection flaws
PCI DSS 11.2 - Vulnerability scanning