CVE-2026-6569
Published: 19 April 2026
Summary
CVE-2026-6569 is an Improper Authentication (CWE-287) vulnerability in kodcloud KodExplorer, versions up to 4.52 (the vulnerability details below name the product; the wetolink.com address is only a reference host). The base score listed here is 6.9 (Medium); note that the CVSS v3.1 vector given under Deeper analysis scores 7.3 (High), so check which metric version your scanner reports before ranking this by severity.
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 28.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2026-6569 is an improper authentication vulnerability (CWE-287) affecting kodcloud KodExplorer versions up to 4.52. The issue resides in the fileGet function of /app/controller/share.class.php (the fileGet endpoint), where manipulation of the fileUrl argument bypasses authentication controls. Published on 2026-04-19 with a CVSS v3.1 base score of 7.3 (High; AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), it is exploitable remotely without privileges or user interaction.
An attacker exploits this remotely by sending requests to the fileGet endpoint with a manipulated fileUrl argument. No privileges (PR:N) or user interaction (UI:N) are required and attack complexity is low (AC:L), so any unauthenticated remote client can attempt it. The rated impact is low on confidentiality, integrity and availability (C:L/I:L/A:L): limited unauthorized file operations through the share endpoint rather than full compromise. The advisory does not describe the precise bypass mechanism, so a defender should treat any fileUrl value that resolves outside what a share legitimately exposes as hostile rather than waiting for a specific signature.
VulDB entries (https://vuldb.com/vuln/358203 and related pages) document the vulnerability and note that the vendor was contacted early but did not respond or release a patch. No official fix or vendor mitigation was available at disclosure. Further references: https://vuldb.com/submit/789982, https://vuldb.com/vuln/358203/cti and https://vulnplus-note.wetolink.com/share/wgfZR6kXRApl.
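For detection, the practical signal is a request to the share fileGet endpoint whose fileUrl is not a plain relative path inside the share: traversal sequences, absolute paths, or URL/stream-wrapper schemes, none of which a legitimate share visitor needs. The Python triage script below is an added example, not part of this advisory and not KodExplorer code. It assumes a KodExplorer-style route of the form index.php?share/fileGet&fileUrl=... (the exact route is not given on this page; adjust ROUTE to your deployment) and runs over constructed sample log lines in combined log format.

```python
"""Triage access logs for suspicious fileGet requests (added example, not advisory data).

Assumption: requests use a KodExplorer-style route "index.php?share/fileGet&fileUrl=...".
The log lines below are constructed (RFC 5737 test addresses), not captured traffic.
"""
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed controller/action pair for the share fileGet endpoint (lower-cased for matching).
ROUTE = "share/fileget"

# Combined log format: client IP, ident, user, [timestamp], "METHOD target proto", status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample traffic: one benign share download, three probes, one unrelated request.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Apr/2026:10:01:02 +0000] "GET /index.php?share/fileGet&fileUrl=docs/readme.txt HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Apr/2026:10:01:05 +0000] "GET /index.php?share/fileGet&fileUrl=..%2F..%2Fconfig%2Fsetting.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [19/Apr/2026:10:02:11 +0000] "GET /index.php?share/fileGet&fileUrl=%2Fetc%2Fpasswd HTTP/1.1" 200 1024 "-" "curl/8.5.0"
198.51.100.9 - - [19/Apr/2026:10:02:12 +0000] "GET /index.php?share/fileGet&fileUrl=php%3A%2F%2Ffilter%2Fresource%3Dconfig%2Fsetting.php HTTP/1.1" 500 0 "-" "curl/8.5.0"
192.0.2.4 - - [19/Apr/2026:10:03:00 +0000] "GET /index.php?explorer/list HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""


def classify_file_url(raw):
    """Return the reasons a fileUrl value is not a plain relative path inside the share.

    Decodes twice so double-encoded traversal (%252e%252e) is caught as well.
    """
    value = unquote(unquote(raw)).replace("\\", "/")
    reasons = []
    if ".." in value.split("/"):
        reasons.append("traversal")
    if value.startswith("/") or re.match(r"^[A-Za-z]:/", value):
        reasons.append("absolute-path")
    if re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://", value):
        reasons.append("scheme")
    return reasons


def triage(log_text):
    """Return one finding per fileGet request whose fileUrl looks hostile."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        query = urlsplit(m["target"]).query
        # KodExplorer-style routing (assumed): the first query segment names controller/action.
        if query.split("&", 1)[0].lower() != ROUTE:
            continue
        params = parse_qs(query, keep_blank_values=True)  # decodes %xx once
        for file_url in params.get("fileUrl", []):
            reasons = classify_file_url(file_url)
            if reasons:
                findings.append({
                    "ip": m["ip"], "ts": m["ts"], "status": int(m["status"]),
                    "fileUrl": file_url, "reasons": reasons,
                })
    return findings


def by_source(findings):
    """Count suspicious fileGet requests per client IP (who to block or investigate first)."""
    return dict(Counter(f["ip"] for f in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f['ts']} {f['ip']} status={f['status']} fileUrl={f['fileUrl']!r} {f['reasons']}")
    print(by_source(hits))
```

Access logs cannot show whether the visitor held a valid share, so the script flags the shape of fileUrl, which is the part the attacker controls; a 200 on a traversal value is the case to escalate, since it suggests the server actually served something outside the share. The double decode is deliberate: a single decode would let %252e%252e through as literal text.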
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-23695
Vulnerability details
A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of the argument fileUrl leads to improper authentication. The attack can be launched remotely.…
The vendor was contacted early about this disclosure but did not respond in any way.
- CWE(s): CWE-287 (Improper Authentication)
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1190 Exploit Public-Facing Application
Why these techniques?
KodExplorer is a public-facing web application, and the fileGet endpoint in share.class.php is reachable by unauthenticated remote clients. Manipulating fileUrl to bypass its authentication is exploitation of a public-facing application for initial access, which is exactly what T1190 describes.
Affected Assets
- kodcloud KodExplorer, versions up to 4.52 (no fixed version published at disclosure)
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): enforce approved authorizations on endpoints such as fileGet, so that an authentication bypass does not translate into access to files the share never granted.
- Input validation (this entry carries no control ID on the page; SI-10, Information Input Validation, is the matching NIST control): validate and canonicalize the fileUrl parameter and reject values that circumvent the share's authentication and path checks.
- AC-14 (Permitted Actions Without Identification or Authentication): limit what an unidentified share visitor may do, so that manipulated fileUrl requests cannot perform file operations the share does not explicitly permit.
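The three controls above reduce to one handler discipline: identify the share first, check what that share permits, and only then resolve fileUrl, confined to the share's root. The Python below is an added illustration of that pattern; it is not KodExplorer code (which is PHP) and not the vendor's fix. The Share model, the token values, the allow_download flag and the directory layout are constructed for the example, and it builds a throwaway share in a temporary directory so it runs offline.

```python
"""Hardened fileGet handler pattern (added illustration; not KodExplorer's PHP code).

The order of operations is the point: authenticate the share, enforce what it
permits, and only then resolve fileUrl, confined to the share root.
"""
import hmac
import os
import tempfile
from dataclasses import dataclass
from urllib.parse import unquote


class ShareAuthError(Exception):
    """No valid share token was presented (AC-14: nothing without identification)."""


class ShareAccessDenied(Exception):
    """Token is valid, but the requested action or path is not authorized (AC-3)."""


@dataclass(frozen=True)
class Share:
    token: str           # opaque identifier the visitor presents (constructed for the demo)
    root: str            # absolute directory the share exposes
    allow_download: bool


def authenticate_share(shares, token):
    """Resolve a presented token to a Share; constant-time compare avoids timing leaks."""
    presented = (token or "").encode()
    for share in shares:
        if hmac.compare_digest(share.token.encode(), presented):
            return share
    raise ShareAuthError("unknown share token")


def confine_to_root(root, file_url):
    """Return the real path of file_url under root, or raise if it escapes.

    Fully decodes the value (double encoding included), refuses URL/stream-wrapper
    schemes and absolute paths, then checks that the realpath (symlinks followed)
    is still inside the share root.
    """
    decoded = unquote(unquote(file_url)).replace("\\", "/")
    if "://" in decoded or decoded.startswith("/"):
        raise ShareAccessDenied(f"rejected fileUrl {file_url!r}")
    real_root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(real_root, decoded))
    if os.path.commonpath([real_root, target]) != real_root:
        raise ShareAccessDenied(f"fileUrl escapes share root: {file_url!r}")
    return target


def file_get(shares, token, file_url):
    """The hardened endpoint: authenticate, authorize, then resolve and read."""
    share = authenticate_share(shares, token)          # who is asking?
    if not share.allow_download:                       # what may they do?
        raise ShareAccessDenied("share does not permit download")
    target = confine_to_root(share.root, file_url)     # what may they touch?
    with open(target, "rb") as fh:
        return fh.read()


def attempt(shares, token, file_url):
    """Run file_get and collapse the outcome to file data or a short verdict string."""
    try:
        return file_get(shares, token, file_url)
    except ShareAuthError:
        return "unauthenticated"
    except ShareAccessDenied:
        return "denied"


def demo():
    """Build a throwaway share on disk and exercise the handler; returns the outcomes."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "shared")
        os.makedirs(root)
        with open(os.path.join(root, "readme.txt"), "wb") as fh:
            fh.write(b"hello")
        with open(os.path.join(base, "setting.php"), "wb") as fh:   # outside the share
            fh.write(b"<?php $secret = 'x';")
        shares = [
            Share("demo-token-1", root, allow_download=True),
            Share("demo-token-2", root, allow_download=False),
        ]
        return {
            "in_share": attempt(shares, "demo-token-1", "readme.txt"),
            "traversal": attempt(shares, "demo-token-1", "..%2Fsetting.php"),
            "double_encoded": attempt(shares, "demo-token-1", "%252e%252e%2Fsetting.php"),
            "absolute": attempt(shares, "demo-token-1", "/etc/passwd"),
            "wrapper": attempt(shares, "demo-token-1", "php://filter/resource=readme.txt"),
            "no_token": attempt(shares, "", "readme.txt"),
            "no_download": attempt(shares, "demo-token-2", "readme.txt"),
        }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:15} -> {outcome!r}")
```

Two design choices matter. The containment check runs on the realpath, not on the string, so a symlink inside the share pointing outside it is caught as well as `..`; and the scheme check happens before any filesystem call, because in a PHP application a fileUrl such as php://filter/... would otherwise be handed to a stream wrapper rather than treated as a path.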