प्लेटफ़ॉर्म
php
घटक
kodbox
में ठीक किया गया
1.64.1
CVE-2026-4831 describes an improper authentication vulnerability affecting kodbox versions 1.64–1.64. This flaw allows a remote attacker to bypass authentication controls, potentially leading to unauthorized access to sensitive data and functionality. A public exploit is available, increasing the risk of exploitation. Mitigation strategies are available while a patch is pending.
The improper authentication flaw in kodbox allows attackers to bypass authentication mechanisms. Successful exploitation could grant an attacker unauthorized access to the system, enabling them to view, modify, or delete sensitive data stored within the kodbox environment. Depending on the system's configuration and the data stored, this could lead to data breaches, system compromise, and potential disruption of services. The availability of a public exploit significantly increases the likelihood of exploitation, particularly if the vendor does not release a timely patch.
This vulnerability has been publicly disclosed and a proof-of-concept exploit is available, indicating a high probability of exploitation. The CVE was published on 2026-03-26. The vendor has not responded to early disclosure attempts, which may delay the availability of a patch. The CVSS score is LOW, but the public exploit and lack of vendor response elevate the risk.
Organizations utilizing kodbox version 1.64–1.64, particularly those hosting the application on shared hosting environments or without robust access controls, are at significant risk. Systems with sensitive data stored within kodbox are especially vulnerable.
• php / server:
grep -r 'auth.class.php' /workspace/source-code/• generic web:
curl -I https://your-kodbox-instance/workspace/source-code/app/controller/explorer/auth.class.php | grep -i '403 forbidden'disclosure
एक्सप्लॉइट स्थिति
EPSS
0.07% (23% शतमक)
CISA SSVC
CVSS वेक्टर
Due to the lack of a provided fixed version, immediate mitigation is crucial. Restrict access to the /workspace/source-code/app/controller/explorer/auth.class.php file and related resources. Implement strict access controls and authentication policies to limit the potential impact of a successful attack. Monitor system logs for suspicious activity, particularly authentication failures or unusual access patterns. Consider using a web application firewall (WAF) to filter malicious requests targeting the vulnerable endpoint. Regularly review and update security configurations to minimize the attack surface.
Actualice kodbox a una versión posterior a la 1.64. Dado que el proveedor no ha respondido, busque parches no oficiales o considere migrar a una solución alternativa.
भेद्यता विश्लेषण और गंभीर अलर्ट सीधे आपके ईमेल में।
CVE-2026-4831 is a LOW severity vulnerability in kodbox versions 1.64–1.64 that allows a remote attacker to bypass authentication and potentially gain unauthorized access.
If you are using kodbox version 1.64–1.64, you are potentially affected by this vulnerability. Upgrade is recommended as soon as a patch is available.
A patch is currently unavailable. Mitigate by restricting access to the vulnerable file, implementing strong access controls, and monitoring logs.
A public exploit exists, indicating a potential for active exploitation. Monitor your systems closely.
As of the disclosure date, the vendor has not released an official advisory. Monitor kodbox's website and security mailing lists for updates.
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।