Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Kodbox Media File Preview Plugin Allows Remote Code Execution
CVE-2026-2560
Summary
A security flaw in Kodbox's Media File Preview Plugin can allow hackers to execute malicious code on a website, potentially leading to data breaches or unauthorized access. This vulnerability affects Kodbox versions up to 1.64.05 and can be exploited remotely. We recommend updating to the latest version of the plugin to patch this vulnerability.
Original title
A vulnerability has been found in kalcaddle kodbox up to 1.64.05. The impacted element is the function run of the file plugins/fileThumb/lib/VideoResize.class.php of the component Media File Previe...
Original description
A vulnerability has been found in kalcaddle kodbox up to 1.64.05. The impacted element is the function run of the file plugins/fileThumb/lib/VideoResize.class.php of the component Media File Preview Plugin. Such manipulation of the argument localFile leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-77
Command Injection
CWE-78
OS Command Injection
Published: 16 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026