Platform
php
Component
kodbox
Fixed in
1.64.1
CVE-2026-4831 describes an improper authentication vulnerability affecting kodbox versions 1.64–1.64. This flaw allows a remote attacker to bypass authentication controls, potentially leading to unauthorized access to sensitive data and functionality. A public exploit is available, increasing the risk of exploitation. Mitigation strategies are available while a patch is pending.
The improper authentication flaw in kodbox allows attackers to bypass authentication mechanisms. Successful exploitation could grant an attacker unauthorized access to the system, enabling them to view, modify, or delete sensitive data stored within the kodbox environment. Depending on the system's configuration and the data stored, this could lead to data breaches, system compromise, and potential disruption of services. The availability of a public exploit significantly increases the likelihood of exploitation, particularly if the vendor does not release a timely patch.
This vulnerability has been publicly disclosed and a proof-of-concept exploit is available, indicating a high probability of exploitation. The CVE was published on 2026-03-26. The vendor has not responded to early disclosure attempts, which may delay the availability of a patch. The CVSS score is LOW, but the public exploit and lack of vendor response elevate the risk.
Exploit Status
EPSS
0.07% (23% percentile)
CISA SSVC
CVSS Vector
Due to the lack of a provided fixed version, immediate mitigation is crucial. Restrict access to the /workspace/source-code/app/controller/explorer/auth.class.php file and related resources. Implement strict access controls and authentication policies to limit the potential impact of a successful attack. Monitor system logs for suspicious activity, particularly authentication failures or unusual access patterns. Consider using a web application firewall (WAF) to filter malicious requests targeting the vulnerable endpoint. Regularly review and update security configurations to minimize the attack surface.
Update kodbox to a version later than 1.64. Since the vendor has not responded, look for unofficial patches or consider migrating to an alternative solution.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-4831 is a LOW severity vulnerability in kodbox versions 1.64–1.64 that allows a remote attacker to bypass authentication and potentially gain unauthorized access.
If you are using kodbox version 1.64–1.64, you are potentially affected by this vulnerability. Upgrade is recommended as soon as a patch is available.
A patch is currently unavailable. Mitigate by restricting access to the vulnerable file, implementing strong access controls, and monitoring logs.
A public exploit exists, indicating a potential for active exploitation. Monitor your systems closely.
As of the disclosure date, the vendor has not released an official advisory. Monitor kodbox's website and security mailing lists for updates.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.