CVE-2026-6572
Improper Authorization in Collabora KodExplorer File Upload Endpoint
Publication date: 2026-04-19
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| collabora | kodexplorer | to 4.52 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Collabora KodExplorer up to version 4.52, specifically in the file /app/controller/share.class.php within the fileUpload Endpoint component. It involves improper authorization caused by manipulation of the fileUpload argument. This flaw allows a remote attacker to exploit the system, although the attack is considered complex and difficult to perform.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized actions related to file uploads, potentially allowing a remote attacker to bypass authorization controls. This could result in unauthorized access or modification of files, impacting the confidentiality, integrity, and availability of the affected system.