CVE-2026-1066
Published: 17 January 2026
Summary
CVE-2026-1066 is a medium-severity Injection (CWE-74) vulnerability in Kodcloud Kodbox. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 8.8% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).
Deeper analysis
A vulnerability has been identified in kalcaddle kodbox versions up to 1.61.10 within the Compression Handler component. The issue resides in the processing of the /?explorer/index/zip endpoint, where improper handling of input enables command injection, tracked under CWE-74 and CWE-77. The flaw is remotely exploitable with a CVSS 4.0 score of 5.3 reflecting limited impacts on confidentiality, integrity, and availability when low-privileged access is present.
An attacker with network access and low privileges can supply crafted input to the affected endpoint, resulting in arbitrary command execution on the server. The vendor was notified prior to disclosure but provided no response, and a public exploit is now available that demonstrates the injection. Note that the score's limited-impact rating sits uneasily with arbitrary command execution: if the kodbox web process runs with broad filesystem or network privileges, the practical impact is higher than 5.3 suggests, and the low-privilege precondition is satisfied by any ordinary kodbox user account.
The associated EPSS score started low after the January 2026 publication, rose materially to a peak of 0.0174 on 2026-02-18, and has since receded to 0.0006, indicating a temporary increase in exploitation interest following public release of the proof-of-concept. No vendor patches or official mitigation guidance appear in the referenced disclosures.
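The advisory names the endpoint and the flaw class but not the source, so the following is an added example rather than kodbox code: a hypothetical "compress these files" handler written the injectable way (user-supplied names concatenated into a shell line) beside a hardened version that applies SI-10 style allowlist validation and then passes an argv list so no shell ever parses the input. The storage root `/srv/files`, the name pattern and the function names are assumptions for the illustration.

```python
"""Illustrative compression handler: the injectable pattern beside a hardened one.

Added example, not kodbox code. The advisory gives the endpoint
(/?explorer/index/zip) and the flaw class (CWE-77), not the source; the
handler below is a hypothetical stand-in for such code.
"""
import re
import shlex
import subprocess
from pathlib import Path

# Hypothetical storage root: every name the user supplies must stay inside it.
STORAGE_ROOT = Path("/srv/files")
# Allowlist for one path component: letters, digits, dot, underscore, dash.
# No separator, space or shell metacharacter can get through it.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,128}")


def build_zip_command_vulnerable(archive: str, names: list[str]) -> str:
    """The injectable pattern: user input concatenated into one shell line.

    Run through a shell (subprocess with shell=True, PHP exec()/shell_exec()),
    a name such as 'b.txt; id' is parsed as two commands.
    """
    return "zip -r " + archive + " " + " ".join(names)


def validate_name(name: str) -> Path:
    """SI-10 style check: reject anything outside the allowlist, then confirm
    the resolved path still sits directly under STORAGE_ROOT."""
    if not SAFE_NAME.fullmatch(name) or name in (".", ".."):
        raise ValueError(f"rejected file name: {name!r}")
    resolved = (STORAGE_ROOT / name).resolve()
    if resolved.parent != STORAGE_ROOT.resolve():
        raise ValueError(f"path escapes storage root: {name!r}")
    return resolved


def is_rejected(name: str) -> bool:
    """True when validate_name refuses the name."""
    try:
        validate_name(name)
    except ValueError:
        return True
    return False


def build_zip_command_safe(archive: str, names: list[str]) -> list[str]:
    """Hardened pattern: validate every argument, then build an argv list.

    Passed to subprocess.run without shell=True, the list goes straight to
    execve(); no shell ever sees the strings, so metacharacters are inert.
    Validation also leaves only absolute paths, so no argument can start
    with "-" and be mistaken for a zip option.
    """
    if not names:
        raise ValueError("no files to compress")
    argv = ["zip", "-r", str(validate_name(archive))]
    argv.extend(str(validate_name(n)) for n in names)
    return argv


def run_zip(archive: str, names: list[str]) -> subprocess.CompletedProcess:
    """Execute the hardened command. Needs the zip binary and STORAGE_ROOT to exist."""
    argv = build_zip_command_safe(archive, names)
    # shlex.join is only for logging; argv itself is what gets executed.
    print("exec:", shlex.join(argv))
    return subprocess.run(argv, check=True, capture_output=True, text=True)


if __name__ == "__main__":
    hostile = ["report.txt", "notes.txt; id > /tmp/pwned"]
    print("vulnerable:", build_zip_command_vulnerable("out.zip", hostile))
    print("safe      :", build_zip_command_safe("out.zip", ["report.txt", "notes.txt"]))
    for bad in ("notes.txt; id", "../etc/passwd", "..", "$(id)"):
        print(f"{bad!r:24} rejected={is_rejected(bad)}")
```

The two defences are independent: the allowlist stops the payload at the boundary (SI-10), and the argv list means that even a name the allowlist missed would reach `zip` as a literal argument rather than a shell command. Running the web process as an unprivileged account with no write access outside the storage root (AC-6) is the third layer and is not shown here.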
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-3128
Vulnerability details
A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- CWE(s): CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component, 'Injection'), CWE-77 (Improper Neutralization of Special Elements used in a Command, 'Command Injection')
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in a public-facing web application (the kodbox explorer/zip handler) enables remote exploitation (T1190, Exploit Public-Facing Application) and arbitrary command execution through the system shell (T1059, Command and Scripting Interpreter).
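Because the injection rides in on an ordinary HTTP request, the first place to hunt for T1190 attempts against this endpoint is the web server's access log. The following is an added detection sketch, not kodbox's own logging and not a vendor rule: it parses combined-format log lines, picks out requests whose route is `explorer/index/zip` (kodbox passes the route as the first query-string element, as the advisory's `/?explorer/index/zip` shows), and flags parameter values that contain shell metacharacters. The log lines are constructed, and the parameter names and payload shape are assumptions, since the page shows no request.

```python
"""Detection sketch: flag CVE-2026-1066-style requests in web access logs.

Added example, not kodbox's own logging or a vendor rule. The route
explorer/index/zip comes from the advisory; the log lines below are
constructed, and the parameter names and payload shape are assumptions
(the page shows no request).
"""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Combined-log-format prefix: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
# Characters a POSIX shell acts on when a value is spliced into a command line.
SHELL_META = re.compile(r"[;|&`<>\n]|\$\(|\$\{")
ROUTE = "explorer/index/zip"

# Constructed sample: one benign request, one injection attempt, one other
# route, and one POST whose parameters live in the body and so are invisible here.
SAMPLE_LOG = """\
203.0.113.5 - - [18/Jan/2026:10:01:02 +0000] "GET /?explorer/index/zip&path=docs&name=report.zip HTTP/1.1" 200 512
203.0.113.5 - - [18/Jan/2026:10:01:09 +0000] "GET /?explorer/index/zip&path=docs%3Bid%3E%2Ftmp%2Fo&name=x.zip HTTP/1.1" 200 98
198.51.100.7 - - [18/Jan/2026:10:02:15 +0000] "GET /?explorer/index/list&path=docs HTTP/1.1" 200 2048
198.51.100.7 - - [18/Jan/2026:10:02:40 +0000] "POST /?explorer/index/zip HTTP/1.1" 200 77
"""


def route_and_params(target: str) -> tuple[str, list[tuple[str, str]]]:
    """kodbox puts the route first in the query string: /?controller/action&k=v."""
    query = urlsplit(target).query
    route, _, rest = query.partition("&")
    return unquote_plus(route), parse_qsl(rest, keep_blank_values=True)


def suspicious_values(params: list[tuple[str, str]]) -> list[str]:
    """Return parameter values carrying shell metacharacters.

    Each value is checked as decoded by parse_qsl and after a second decode,
    so a double-encoded %253B is not missed.
    """
    hits = []
    for _, value in params:
        for candidate in (value, unquote_plus(value)):
            if SHELL_META.search(candidate):
                hits.append(value)
                break
    return hits


def scan_log(text: str) -> list[dict]:
    """One finding per suspicious request; POSTs to the route get a low-confidence note."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        route, params = route_and_params(m["target"])
        if route != ROUTE:
            continue
        hits = suspicious_values(params)
        if hits:
            findings.append({"ip": m["ip"], "ts": m["ts"], "severity": "high",
                             "reason": f"shell metacharacters in {ROUTE} parameters",
                             "values": hits})
        elif m["method"] == "POST":
            # The body is not in the access log; only the hit on the endpoint is visible.
            findings.append({"ip": m["ip"], "ts": m["ts"], "severity": "info",
                             "reason": f"POST to {ROUTE}; inspect request body or WAF log",
                             "values": []})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The access log only shows the query string, so a POST-based exploit is visible here only as a request to the route; pairing this with the endpoint in a WAF or reverse-proxy body log, or with process-creation telemetry showing the web server's worker spawning `sh`, closes that gap. Expect benign hits when users legitimately name files with `&` or `;`, so tune on the combination of route and metacharacter rather than on metacharacters alone.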
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation and neutralization of untrusted input to the /?explorer/index/zip Compression Handler endpoint, blocking the command-injection payload before it reaches a shell.
- AC-6 (Least Privilege): enforces least-privilege execution for the kodbox web process, limiting what an attacker's injected commands can read, write or reach after exploiting the injection.
- CM-7 (Least Functionality): restricts unnecessary or high-risk functionality such as the zip compression handler, reducing the attack surface that the public exploit targets; with no vendor patch available, disabling or access-restricting the handler is the most direct interim mitigation.