Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
KodExplorer allows unauthorized access to sensitive data
CVE-2026-6571
Summary
A security flaw in KodExplorer 4.52 allows hackers to bypass access controls and gain unauthorized access to sensitive data. This could be exploited remotely by an attacker. Users should update to the latest version to prevent potential data breaches.
Original title
A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manip...
Original description
A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument group_role can lead to authorization bypass. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-285
Improper Authorization
CWE-639
Authorization Bypass Through User-Controlled Key
Published: 19 Apr 2026 · Updated: 19 Apr 2026 · First seen: 19 Apr 2026