CVE-2026-4588

Name of the Vulnerable Software and Affected Versions Kalcaddle Kodbox version 1.64

Description A security issue exists in Kalcaddle Kodbox version 1.64 related to the manipulation of the sk argument within the shareSafeGroup function located in the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the Site-level API key Handler component. This manipulation results in the use of a hard-coded cryptographic key. The attack can be initiated remotely, but is considered difficult to exploit. The details of this issue have been publicly disclosed, and the vendor was notified but did not respond.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.