Cyber Resilience

CVE-2026-6568

Severity: Medium

Published: 19 April 2026
Modified: 22 April 2026
CVSS v4 score: 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0013 (32.0th percentile)
Risk priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-6568 is a medium-severity Path Traversal (CWE-22) vulnerability in Wetolink (inferred from references). Its CVSS v4 base score is 6.9 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 32.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-6568 is a path traversal vulnerability (CWE-22) affecting kodcloud KodExplorer versions up to 4.52. The issue resides in the Public Share Handler component, specifically the initShareOld function within the file /app/controller/share.class.php, where manipulation of the 'path' argument enables attackers to traverse directories outside the intended scope.

The vulnerability is remotely exploitable with low complexity, requiring no privileges or user interaction, as reflected in its CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Any unauthenticated remote attacker can initiate the exploit to achieve limited impacts on confidentiality, integrity, and availability, such as reading, modifying, or disrupting access to files beyond the application's share directory boundaries.

VulDB advisories, including those at the provided references, confirm the exploit has been publicly disclosed and may be utilized. The vendor was contacted early regarding the issue but provided no response, leaving no official patches or mitigation guidance available.

Vulnerability details

A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack can be initiated remotely.…

The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI mapping)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

A path traversal vulnerability in a public-facing web app (the KodExplorer share handler) allows remote unauthenticated exploitation for file access outside intended boundaries, mapping directly to T1190.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

Related CVEs sharing CWE-22: CVE-2025-64075, CVE-2024-53537, CVE-2024-36512, CVE-2025-0493, CVE-2025-70231, CVE-2026-43888, CVE-2025-15031, CVE-2026-25785, CVE-2025-11366, CVE-2026-1810.

Affected Assets

Wetolink (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5, AI mapping)

Prevent: directly requires validation of the manipulated 'path' argument in the public share handler to block directory traversal sequences such as '../'.

Prevent: enforces logical access controls to restrict file operations outside the intended share directory boundaries despite path manipulation.

Prevent: mandates identification, prioritization, and remediation of the specific path traversal flaw in KodExplorer's initShareOld function.
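As an added illustration (not code from this page or from KodExplorer), the Python below shows the shape of the flaw described in the deeper analysis beside a hardened resolver that rejects traversal in the 'path' argument and enforces the share-root boundary, plus a detection pass over constructed access-log lines. SHARE_ROOT, the /share?path= URL shape and the log lines are assumptions made for the example.

```python
"""Hardened handling of a user-controlled 'path' argument for a public share root.
Constructed example: SHARE_ROOT, the /share?path= URL shape and the log lines are
made up for illustration and are not KodExplorer's real layout or code."""
import posixpath
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

SHARE_ROOT = "/srv/app/data/shares/abc123"  # constructed share root

def resolve_unsafe(share_root: str, user_path: str) -> str:
    """Shape of the flaw: the argument is joined to the root with no validation."""
    return posixpath.join(share_root, user_path)

def resolve_share_path(share_root: str, user_path: str) -> Optional[str]:
    """Return the absolute path if it stays inside share_root, else None."""
    decoded = unquote(unquote(user_path))  # undo single and double URL-encoding
    if "\x00" in decoded:                  # NUL bytes truncate paths in some runtimes
        return None
    decoded = decoded.replace("\\", "/")   # treat backslash as a separator as well
    segments = [s for s in decoded.split("/") if s not in ("", ".")]
    if ".." in segments:                   # reject traversal instead of silently stripping it
        return None
    root = posixpath.normpath(share_root)
    candidate = posixpath.normpath(posixpath.join(root, *segments))
    # Defence in depth: containment check on the normalized result. On a real
    # filesystem also compare os.path.realpath() results so symlinks cannot escape.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate

def flag_traversal_requests(log_lines: List[str]) -> List[Tuple[int, str]]:
    """Detection: (line number, decoded path) for requests whose 'path' escapes the root."""
    flagged = []
    for n, line in enumerate(log_lines, 1):
        m = re.search(r'"(?:GET|POST) (\S+)', line)
        if not m:
            continue
        for p in parse_qs(urlsplit(m.group(1)).query).get("path", []):
            if resolve_share_path(SHARE_ROOT, p) is None:
                flagged.append((n, unquote(unquote(p))))
    return flagged

# Constructed access-log lines: one benign request, one '../' traversal, one double-encoded.
SAMPLE_LOG = [
    '203.0.113.5 - - [19/Apr/2026:10:01:02 +0000] "GET /share?path=docs/report.txt HTTP/1.1" 200 512',
    '203.0.113.5 - - [19/Apr/2026:10:01:09 +0000] "GET /share?path=..%2F..%2Fother%2Fnotes.txt HTTP/1.1" 200 2048',
    '198.51.100.7 - - [19/Apr/2026:10:02:30 +0000] "GET /share?path=%252e%252e%2Fsecret.txt HTTP/1.1" 404 0',
]
```

Note that the hardened resolver rejects rather than sanitizes: a request carrying '..' segments is an indicator worth logging, not input to be quietly repaired.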
