{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/kodexplorer/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-6568"}],"_cs_exploited":true,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["path-traversal","kodexplorer","cve-2026-6568"],"_cs_type":"threat","_cs_vendors":[],"content_html":"\u003cp\u003eA path traversal vulnerability, identified as CVE-2026-6568, affects kodcloud KodExplorer up to version 4.52. The flaw is in the \u003ccode\u003eshare.class.php::initShareOld\u003c/code\u003e function in \u003ccode\u003e/app/controller/share.class.php\u003c/code\u003e, part of the Public Share Handler component. By manipulating the \u003ccode\u003epath\u003c/code\u003e argument, an attacker gains unauthorized access to files and directories outside the intended share path. Public exploit code is available, which increases the likelihood of active exploitation. The vendor was notified but has not responded, so no vendor fix is known at the time of writing.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a KodExplorer instance running version 4.52 or earlier.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts an HTTP request to the public share handler implemented in \u003ccode\u003e/app/controller/share.class.php\u003c/code\u003e; because the handler serves public shares, no credentials are required.\u003c/li\u003e\n\u003cli\u003eThe request carries a \u003ccode\u003epath\u003c/code\u003e argument containing traversal sequences that step out of the intended share directory (e.g., \u003ccode\u003e../../../../etc/passwd\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eshare.class.php::initShareOld\u003c/code\u003e uses the \u003ccode\u003epath\u003c/code\u003e argument without normalizing it and confirming that the result stays inside the share root.\u003c/li\u003e\n\u003cli\u003eThe application opens the file named by the attacker-controlled path.\u003c/li\u003e\n\u003cli\u003eIf the web server process can read that file, its contents (e.g., \u003ccode\u003e/etc/passwd\u003c/code\u003e) are returned to the attacker.\u003c/li\u003e\n\u003cli\u003eThe attacker mines the retrieved files for usernames, system configuration, or database credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker uses that information to compromise the host further or to reach other sensitive resources.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-6568 allows an unauthenticated remote attacker to read arbitrary files that the web server account can access on the KodExplorer host. This can disclose configuration files, user credentials, or source code. Any organization exposing an affected version of KodExplorer to untrusted networks is a potential target; the number of affected deployments is unknown.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo vendor fix was available when this brief was written. Until one ships, canonicalize the \u003ccode\u003epath\u003c/code\u003e parameter in \u003ccode\u003eshare.class.php::initShareOld\u003c/code\u003e (URL-decode, normalize separators, resolve \u003ccode\u003e..\u003c/code\u003e components) and reject any value that resolves outside the share root; a substring check for \u003ccode\u003e../\u003c/code\u003e alone is insufficient because the sequence can be encoded (reference CVE-2026-6568).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect KodExplorer Path Traversal Attempt\u0026rdquo; to identify malicious requests targeting the vulnerable handler.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for requests whose \u003ccode\u003epath\u003c/code\u003e parameter contains traversal sequences in plain or encoded form (e.g., \u0026ldquo;../\u0026rdquo;, \u0026ldquo;..\\\u0026rdquo;, \u0026ldquo;%2e%2e/\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eBlock the malicious URLs listed in the IOC table at the network perimeter.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-19T10:16:09Z","date_published":"2026-04-19T10:16:09Z","id":"/briefs/2026-04-kodexplorer-path-traversal/","summary":"KodExplorer up to version 4.52 is vulnerable to a path traversal attack via manipulation of the path argument in the share.class.php::initShareOld function, potentially allowing remote attackers to access sensitive files.","title":"KodExplorer Path Traversal Vulnerability (CVE-2026-6568)","url":"https://feed.craftedsignal.io/briefs/2026-04-kodexplorer-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — Kodexplorer","version":"https://jsonfeed.org/version/1.1"}
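The brief's recommendations ask for two things: validate the share `path` parameter so it cannot resolve outside the share root, and watch access logs for traversal sequences in plain and encoded form. The script below is an added example that illustrates both; it is not KodExplorer's code and not part of the CraftedSignal brief. The share root `/srv/kod/shares/public`, the `/share?path=` request route and every log line are constructed for the example (the brief does not give KodExplorer's real route or directory layout), and the names `canonical`, `resolve_share_path`, `naive_blocklist_allows` and `scan_access_log` are this example's own.

```python
"""Added example (not KodExplorer's code and not part of the CraftedSignal brief).

Two sides of the brief's recommendations for CVE-2026-6568 in one script:
  1. a containment check for a user-supplied share ``path``, contrasted with
     the substring blocklist that encoded input walks straight past, and
  2. a scanner that flags traversal sequences in web server access logs,
     including the encoded forms ("%2e%2e/", "..%5c") a literal "../" search misses.
The share root, the "/share?path=" route and every log line are constructed
for illustration; the brief does not give KodExplorer's real route or layout.
"""
import posixpath
import re
import urllib.parse
from typing import List, Optional, Tuple

SHARE_ROOT = "/srv/kod/shares/public"   # constructed; not KodExplorer's layout


def canonical(user_path: str) -> str:
    """Undo the transformations an attacker relies on before any decision:
    URL-decode twice (%252e%252e -> %2e%2e -> ..), fold backslashes into
    forward slashes so "..\\" is not a bypass, and cut at a NUL byte."""
    decoded = urllib.parse.unquote(urllib.parse.unquote(user_path))
    decoded = decoded.replace("\\", "/")
    return decoded.split("\x00", 1)[0]


def naive_blocklist_allows(user_path: str) -> bool:
    """The check that looks like validation but is not: a literal substring
    test on the raw parameter.  Present only to show what it lets through."""
    return "../" not in user_path


def resolve_share_path(share_root: str, user_path: str) -> Optional[str]:
    """Return the normalised absolute path inside share_root that user_path
    names, or None when it escapes the root.  The decision is made on the
    normalised result, never on whether a pattern appears in the input.
    On a live filesystem also apply os.path.realpath so symlinks cannot escape."""
    root = posixpath.normpath(share_root)
    relative = canonical(user_path).lstrip("/")   # input is always relative to the share
    candidate = posixpath.normpath(posixpath.join(root, relative))
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


# Apache/nginx "combined" access log layout; the regex only needs the request target.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) '
)


def request_has_traversal(target: str) -> bool:
    """Detection reuses the fix's canonicalisation, so an encoding that would
    fool the application cannot hide from the log scan either."""
    path = canonical(target)
    return "../" in path or path.endswith("/..")


def scan_access_log(lines: List[str]) -> List[Tuple[str, str, int]]:
    """Return (client_ip, request_target, status) for each request whose target
    carries a traversal sequence.  The brief does not name the share handler's
    URL route, so every request is scanned; restrict to that route once known."""
    hits: List[Tuple[str, str, int]] = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and request_has_traversal(m.group("target")):
            hits.append((m.group("ip"), m.group("target"), int(m.group("status"))))
    return hits


# Constructed log lines (RFC 5737 documentation addresses); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Apr/2026:10:01:12 +0000] "GET /share?path=docs/report.pdf HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Apr/2026:10:01:15 +0000] "GET /share?path=../../../../etc/passwd HTTP/1.1" 200 1802 "-" "curl/8.5.0"
198.51.100.4 - - [19/Apr/2026:10:02:40 +0000] "GET /share?path=%2e%2e/%2e%2e/config/setting.php HTTP/1.1" 200 4011 "-" "python-requests/2.31"
198.51.100.4 - - [19/Apr/2026:10:02:41 +0000] "GET /share?path=..%5c..%5c..%5cwindows%5cwin.ini HTTP/1.1" 404 231 "-" "python-requests/2.31"
192.0.2.9 - - [19/Apr/2026:10:03:05 +0000] "GET /static/app.js HTTP/1.1" 200 88120 "-" "Mozilla/5.0"
""".splitlines()


if __name__ == "__main__":
    for p in ("docs/report.pdf", "../../../../etc/passwd", "%2e%2e/%2e%2e/config/setting.php"):
        print(f"{p!r:42} blocklist allows={naive_blocklist_allows(p)!s:5} "
              f"resolved={resolve_share_path(SHARE_ROOT, p)}")
    for ip, target, status in scan_access_log(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {target} -> HTTP {status}")
```

Run as-is, the first loop shows the URL-encoded request passing the substring blocklist while `resolve_share_path` rejects it, and the scanner reports three of the five constructed requests, two of them answered with HTTP 200. The fix and the detector share `canonical` on purpose: whatever decoding the application performs before opening a file, the log scan must perform too, or an encoding that reaches the file will not reach the alert.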