CVE-2026-4589

Name of the Vulnerable Software and Affected Versions kalcaddle kodbox version 1.64

Description A server-side request forgery condition exists in the PathDriverUrl function within the file /workspace/source-code/app/controller/explorer/editor.class.php of the fileGet Endpoint component. Manipulation of the path argument can lead to exploitation. The issue is remotely exploitable. The exploit is publicly available.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.