CVE-2026-4830 MEDIUM

CVE-2026-4830: kalcaddle kodbox Public Share userShare.class.php add privilege escalation

Vendor Kalcaddle

Product kodbox

Weakness CWE-434 · Unrestricted file upload

Published March 26, 2026

Last update March 28, 2026

View on NVD All CVEs

CVSS base score

6.3/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the file app/controller/explorer/userShare.class.php of the component Public Share Handler. Such manipulation leads to unrestricted upload. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

Disclosure timeline

March 26, 2026 CVE published

March 28, 2026 Record updated