Cyber Posture

CVE-2026-1066

Medium

Published: 17 January 2026

Published
17 January 2026
Modified
27 February 2026
KEV Added
Patch
CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0006 17.2th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-1066 is a medium-severity Injection (CWE-74) vulnerability in Kodcloud Kodbox. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 17.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SA-11 Developer Testing and Evaluation
addresses: CWE-74

Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.

SI-4 System Monitoring
addresses: CWE-74

Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
attack.mitre.org →
Why these techniques?

Command injection in public-facing web app (kodbox explorer/zip handler) directly enables remote exploitation (T1190) and arbitrary command execution via shell interpreter (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is…

more

now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysisAI

CVE-2026-1066 is a command injection vulnerability in kalcaddle kodbox versions up to 1.61.10. The issue resides in the Compression Handler component, specifically during processing of the /?explorer/index/zip file path. It is classified under CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) and CWE-77 (Command Injection), with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). The vulnerability was published on 2026-01-17.

A remote attacker with low privileges can exploit this vulnerability by manipulating the affected endpoint, leading to arbitrary command injection. Successful exploitation grants limited confidentiality, integrity, and availability impacts, allowing the attacker to execute commands on the server.

Advisories from VulDB and related references indicate that the exploit is public and available for use, such as via a GitHub repository. The vendor was contacted early about the disclosure but did not respond, and no patches or mitigations are mentioned.

The exploit's public availability increases the risk of widespread exploitation in unpatched kalcaddle kodbox deployments.

Details

CWE(s)
CWE-74CWE-77

Affected Products

kodcloud
kodbox
≤ 1.61.10

CVEs Like This One

CVE-2025-15133Shared CWE-74, CWE-77
CVE-2025-8752Shared CWE-74, CWE-77
CVE-2025-0328Shared CWE-74, CWE-77
CVE-2025-15132Shared CWE-74, CWE-77
CVE-2025-10962Shared CWE-74, CWE-77
CVE-2026-7058Shared CWE-74, CWE-77
CVE-2025-1947Shared CWE-74, CWE-77
CVE-2026-2956Shared CWE-74, CWE-77
CVE-2025-15131Shared CWE-74, CWE-77
CVE-2026-3943Shared CWE-74, CWE-77

References