CVE-2026-5482
Received - Intake
Remote Code Execution in Responsive FileManager

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: CERT.PL

Description
Responsive FileManager allows an unauthenticated attacker to upload files of any type and extension without restriction using the dialog.php endpoint, leading to Remote Code Execution. This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release, 9.14.0.
Affected Vendors & Products
Vendor | Product | Version / Range
tecrail | responsive_filemanager | to 9.14.0 (inc)
CWE ID | Description
CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Compliance Impact

The provided information does not specify how the vulnerability in Responsive FileManager (CVE-2026-5482) affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-5482 is a vulnerability in the Responsive FileManager software developed by Tecrail. It allows an unauthenticated attacker to upload files of any type and extension without restriction using the dialog.php endpoint.

This unrestricted file upload can lead to Remote Code Execution, meaning the attacker can execute arbitrary code on the affected system.

The vulnerability affects all versions up to and including 9.14.0, and the project is currently unmaintained.

Impact Analysis

This vulnerability can have severe impacts because it allows an attacker to upload malicious files and execute arbitrary code remotely on the affected system.

Such an attack can lead to full system compromise, data theft, service disruption, or further exploitation within the network.

Detection Guidance

The vulnerability involves an unauthenticated attacker uploading files of any type or extension through the dialog.php endpoint in Responsive FileManager. Detection would involve monitoring for unexpected or unauthorized file uploads to this endpoint.

Since the project is unmaintained and no specific detection commands or tools are provided in the available resources, general detection methods include checking web server logs for POST requests to dialog.php that include file uploads, especially those with suspicious file types or extensions.

  • Use web server access logs to identify POST requests to dialog.php, e.g., using grep: grep 'POST /path/to/dialog.php' /var/log/apache2/access.log
  • Look for unusual file uploads or files with suspicious extensions in the upload directories.
  • Use intrusion detection systems (IDS) or web application firewalls (WAF) to alert on file uploads to dialog.php.
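
The log and upload-directory checks above, as an added example (not from the advisory or the Responsive FileManager project). It assumes the Apache/nginx combined access-log format; the sample log lines, the /filemanager/ path and the extension list are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example. Assumes the combined access-log format.

# Constructed sample log lines (documentation IPs, hypothetical /filemanager/ path).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [15/Jun/2026:10:01:02 +0000] "GET /filemanager/dialog.php?type=0 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Jun/2026:10:01:09 +0000] "POST /filemanager/dialog.php HTTP/1.1" 200 312 "-" "curl/8.5.0"
198.51.100.4 - - [15/Jun/2026:10:03:30 +0000] "POST /filemanager/dialog.php?x=1 HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.10 - - [15/Jun/2026:10:05:00 +0000] "POST /login.php HTTP/1.1" 200 800 "-" "Mozilla/5.0"
EOF
}

# Print "client status timestamp request-target" for each POST to dialog.php.
# Reads the named log files, or stdin when none are given.
dialog_posts() {
  awk '{
    method = $6; sub(/^"/, "", method)
    path = $7;   sub(/\?.*$/, "", path)      # ignore the query string
    if (method == "POST" && path ~ /(^|\/)dialog\.php$/)
      print $1, $9, substr($4, 2), $7
  }' "$@"
}

# Count POSTs the server answered with 2xx, per client, busiest first.
accepted_by_client() {
  dialog_posts "$@" |
    awk '$2 ~ /^2/ { n[$1]++ } END { for (ip in n) print n[ip], ip }' |
    sort -rn
}

# List files under an upload directory that a PHP-enabled server may execute.
# The extension list is an assumption; match it to your handler configuration.
executable_uploads() {
  find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
    -o -iname '*.phtml' -o -iname '*.phar' -o -iname '.htaccess' \) -print | sort
}

# Demo on the constructed sample.
sample_log | accepted_by_client
```

Against real data, pass the access log to `dialog_posts` and the configured upload directory to `executable_uploads`; any hit from the second function on a host running this file manager warrants review of the matching log entries.
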
Mitigation Strategies

Since the Responsive FileManager project is unmaintained and the vulnerability allows unauthenticated file uploads leading to remote code execution, immediate mitigation steps are critical.

  • Disable or restrict access to the dialog.php endpoint to prevent unauthorized file uploads.
  • Implement network-level controls such as firewall rules to block access to the vulnerable endpoint.
  • If possible, remove or replace Responsive FileManager with a maintained alternative that does not have this vulnerability.
  • Monitor your system for any signs of exploitation or unauthorized file uploads.