PT-2026-27143 · Kalcaddle+1 · Filethumb+1

Vuldb+1 · Published 2026-03-23 · Updated 2026-03-23 · CVE-2026-4591

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:L/Au:M/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

kalcaddle kodbox version 1.64

Description

A weakness exists in kalcaddle kodbox that allows OS command injection. It occurs through manipulation of the checkBin function in the /workspace/source-code/plugins/fileThumb/app.php file of the fileThumb component. The attack can be executed remotely. The exploit has been publicly released. The vendor was contacted regarding this issue but did not respond.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2026-4591

Affected Products: Filethumb, Kalcaddle Kodbox