CVE-2026-4588
Hardcoded Cryptographic Key Vulnerability in kalcaddle kodbox API
Publication date: 2026-03-23
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kalcaddle | kodbox | 1.64 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-320 | Key Management Errors |
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know
Can you explain this vulnerability to me?
This vulnerability exists in kalcaddle kodbox version 1.64, specifically in the function shareSafeGroup within the file /workspace/source-code/app/controller/explorer/shareOut.class.php. The issue arises from manipulation of the argument 'sk', which leads to the use of a hard-coded cryptographic key. This flaw can be exploited remotely, although the attack complexity is high and exploitability is considered difficult.
How can this vulnerability impact me?
The vulnerability allows an attacker to manipulate the argument 'sk' to cause the system to use a hard-coded cryptographic key. This can potentially compromise the security of the Site-level API key Handler, leading to partial confidentiality loss (as indicated by the CVSS impact on confidentiality). However, the attack complexity is high and exploitability is difficult, which may limit the likelihood of successful exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know