CVE-2026-4590

Name of the Vulnerable Software and Affected Versions kalcaddle kodbox version 1.64

Description A cross-site request forgery flaw exists in kalcaddle kodbox. The issue is located in the /workspace/source-code/plugins/oauth/controller/bind/index.class.php file, specifically within the loginSubmit API. Manipulation of the third argument can trigger the flaw. Exploitation is considered difficult and requires a high degree of complexity. The exploit has been publicly released. The vendor was contacted regarding this issue but did not respond.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.