Vulnerabilities ›

CVE-2026-6569

High

CWE-287 — Weakness Type

                    Published: Apr 19, 2026                      ·  Modified: Apr 26, 2026                      ·  Source: NVD                

CVSS v3

7.3

🔗 NVD Official

📄 Description (English)

A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of the argument fileUrl leads to improper authentication. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

CVE-2026-6569 is a high-severity authentication bypass vulnerability in KodExplorer versions up to 4.52 affecting the fileGet endpoint. An attacker can manipulate the fileUrl parameter to bypass authentication controls and gain unauthorized access to files. With no patch available and no vendor response, organizations using KodExplorer face immediate risk of unauthorized file access and potential data exfiltration.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 7, 2026 11:18

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability poses significant risk to Saudi organizations using KodExplorer for file management and collaboration. Government entities (NCA, CITC), financial institutions relying on document management systems, healthcare providers (MOH), and energy sector organizations (ARAMCO subsidiaries) are at risk. The authentication bypass could enable unauthorized access to sensitive documents, financial records, and operational data. Organizations in the education and research sectors using KodExplorer for collaborative file sharing are also vulnerable to data exfiltration and intellectual property theft.

🏢 Affected Saudi Sectors

Government (NCA, CITC, Ministry of Interior) Banking and Financial Services (SAMA regulated institutions) Healthcare (Ministry of Health, private hospitals) Energy (ARAMCO, energy sector contractors) Telecommunications (STC, Mobily, Zain) Education and Research Real Estate and Construction Retail and E-commerce

🎯 MITRE ATT&CK Techniques

T1110 - Brute Force T1190 - Exploit Public-Facing Application T1589 - Gather Victim Identity Information T1566 - Phishing T1199 - Trusted Relationship T1040 - Network Sniffing T1021 - Remote Services T1078 - Valid Accounts T1087 - Account Discovery T1526 - Enumerate External Targets

⚖️ Saudi Risk Score (AI)

7.8

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Identify all instances of KodExplorer running versions up to 4.52 across your infrastructure

2. Implement network-level access controls restricting access to the /app/controller/share.class.php endpoint

3. Monitor access logs for suspicious fileGet requests with unusual fileUrl parameters

4. Disable the fileGet endpoint if not critical to operations



Compensating Controls:

1. Implement Web Application Firewall (WAF) rules to validate and sanitize fileUrl parameters

2. Enforce strict input validation: reject fileUrl parameters containing path traversal sequences (../, ..\ , encoded variants)

3. Implement rate limiting on the fileGet endpoint to detect brute force attempts

4. Deploy authentication middleware requiring additional verification before file access

5. Enable comprehensive logging and alerting for all fileGet requests



Detection Rules:

1. Alert on fileGet requests with fileUrl parameters containing: ../, ..\, %2e%2e, encoded path traversal

2. Monitor for fileGet requests from unauthorized IP ranges or outside business hours

3. Track failed authentication attempts followed by successful file access

4. Alert on access to sensitive file paths via fileGet endpoint



Long-term:

1. Evaluate alternative file management solutions with active vendor support

2. Plan migration away from KodExplorer to patched/maintained alternatives

3. Implement zero-trust architecture for file access controls

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع نسخ KodExplorer التي تعمل بالإصدارات حتى 4.52 عبر البنية التحتية

2. تطبيق عناصر تحكم الوصول على مستوى الشبكة لتقييد الوصول إلى نقطة النهاية /app/controller/share.class.php

3. مراقبة سجلات الوصول للطلبات المريبة في fileGet بمعاملات fileUrl غير عادية

4. تعطيل نقطة نهاية fileGet إذا لم تكن حرجة للعمليات

عناصر التحكم التعويضية:

1. تطبيق قواعد جدار حماية تطبيقات الويب (WAF) للتحقق من صحة معاملات fileUrl وتنظيفها

2. فرض التحقق الصارم من المدخلات: رفض معاملات fileUrl التي تحتوي على تسلسلات اجتياز المسار

3. تطبيق تحديد معدل الطلبات على نقطة نهاية fileGet للكشف عن محاولات القوة الغاشمة

4. نشر برامج وسيطة للمصادقة تتطلب تحقق إضافي قبل الوصول إلى الملفات

5. تفعيل السجلات الشاملة والتنبيهات لجميع طلبات fileGet

قواعد الكشف:

1. التنبيه على طلبات fileGet بمعاملات fileUrl تحتوي على: ../, ..\, %2e%2e, اجتياز المسار المشفر

2. مراقبة طلبات fileGet من نطاقات IP غير مصرح بها أو خارج ساعات العمل

3. تتبع محاولات المصادقة الفاشلة متبوعة بالوصول الناجح إلى الملفات

4. التنبيه على الوصول إلى مسارات الملفات الحساسة عبر نقطة نهاية fileGet

المدى الطويل:

1. تقييم حلول إدارة الملفات البديلة مع دعم البائع النشط

2. التخطيط للهجرة بعيداً عن KodExplorer إلى بدائل مصححة/مدعومة

3. تطبيق معمارية الثقة الصفرية لعناصر تحكم الوصول إلى الملفات

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.2.1 - User registration and access management A.5.2.2 - Privileged access rights A.5.3.1 - Password management A.8.2.1 - User access provisioning A.8.2.2 - Access rights review A.8.2.3 - Access rights removal A.9.2.1 - User identification and authentication A.9.2.2 - User identification and authentication mechanism A.9.2.3 - Password management system A.9.2.4 - Restriction of access to information A.9.2.5 - Access control to program source code

🔵 SAMA CSF

ID.AM-1 - Physical devices and software assets PR.AC-1 - Processes and procedures are managed to ensure appropriate access PR.AC-2 - Physical access to assets is managed and protected PR.AC-3 - Remote access is managed PR.AC-4 - Access permissions and authorizations are managed PR.AC-5 - Network segmentation is managed DE.AE-1 - A baseline of network operations and expected data flows is established DE.CM-1 - The network is monitored to detect potential cybersecurity events

🟡 ISO 27001:2022

5.3 - Segregation of duties 6.2 - Access to information and other associated assets 8.2 - User access provisioning 8.3 - Access rights review 8.4 - Access rights removal or adjustment 9.2 - User access management 9.4 - Access management A.5.2 - User registration and access management A.9.2 - User access management A.9.4 - Access control

🟣 PCI DSS v4.0.1

Requirement 2 - Do not use vendor-supplied defaults Requirement 6 - Develop and maintain secure systems and applications Requirement 7 - Restrict access to data by business need to know Requirement 8 - Identify and authenticate access to system components

🔗 References & Sources 4

🔗

https://vuldb.com/submit/789982

cna@vuldb.com

🔗

https://vuldb.com/vuln/358203

cna@vuldb.com

🔗

https://vuldb.com/vuln/358203/cti

cna@vuldb.com

🔗

https://vulnplus-note.wetolink.com/share/wgfZR6kXRApl

cna@vuldb.com

📊 CVSS Score

7.3

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity High

CVSS Score7.3

CWECWE-287

EPSS0.08%

Exploit No

Patch ✗ No

Published 2026-04-19

Source Feed nvd

🇸🇦 Saudi Risk Score

7.8

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

CWE-287

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-6569

💬 Comments

Introduce Yourself

Sign In Required