kodcloud KodExplorer
cpe:2.3:a:kodcloud:kodexplorer:*:*:*:*:*:*:*
- <= 4.52
A critical vulnerability allowing improper authentication has been identified in kodcloud KodExplorer versions through 4.52. The issue resides in the fileGet function within share.class.php. The vulnerability can be exploited remotely by manipulating the fileUrl argument, leading to unauthorized access. This flaw allows attackers to read local services, internal web applications, and instance metadata without authentication, potentially exposing sensitive information.
Exploitation could give an attacker unauthorized access to internal services and sensitive metadata, which makes the risk significantly higher than that of a typical blind server-side request forgery (SSRF) vulnerability.
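A defensive check for the kind of input described above, as an added example that is not KodExplorer's code or its fix: a Python validator that rejects a fileUrl value whose destination is a local service, an internal network address, or a link-local (instance metadata) address. The function names, the http/https-only policy and the reason labels are assumptions made for this illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: remote fetch only needs web URLs

def system_resolve(host):
    """Return every IP address the server's resolver gives for host."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def classify_address(ip_text):
    """Map one IP to a destination class from the advisory, or 'public'."""
    ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop any IPv6 zone id
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:  # ::ffff:127.0.0.1 is really 127.0.0.1
        ip = mapped
    if ip.is_loopback or ip.is_unspecified:
        return "local-service"
    if ip.is_link_local:  # 169.254.0.0/16 and fe80::/10, where metadata services live
        return "instance-metadata"
    if ip.is_multicast or not ip.is_global:
        return "internal-network"
    return "public"

def check_file_url(file_url, resolve=system_resolve):
    """Return (allowed, reason) for a user-supplied fileUrl value."""
    try:
        parts = urlsplit(file_url)
        host = parts.hostname
    except ValueError:
        return False, "malformed"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme"
    if not host:
        return False, "no-host"
    try:
        ipaddress.ip_address(host)
        addresses = {host}
    except ValueError:  # a name or an odd numeric form: ask the resolver
        try:
            addresses = resolve(host)
        except OSError:
            return False, "unresolvable"
    if not addresses:
        return False, "unresolvable"
    for addr in addresses:  # every resolved address must be public
        verdict = classify_address(addr)
        if verdict != "public":
            return False, verdict
    return True, "public"
```

A check like this only holds if the fetch then connects to the address that was validated and repeats the check on every redirect, since a hostname can resolve differently on a second lookup.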