Cyber Resilience

CVE-2026-6569

Severity: Medium
Published: 19 April 2026
Modified: 22 April 2026
KEV Added: not listed
Patch: none available
CVSS Score (v4): 6.9, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0010 (28.1th percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-6569 is a medium-severity Improper Authentication (CWE-287) vulnerability in Wetolink (inferred from references). Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 28.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-6569 is an improper authentication vulnerability (CWE-287) affecting kodcloud KodExplorer versions up to 4.52. The issue resides in the fileGet function of /app/controller/share.class.php (the fileGet endpoint), where manipulation of the fileUrl argument bypasses authentication controls. It was published on 2026-04-19 with a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L): the flaw is remotely exploitable and requires neither user interaction nor privileges.

Attackers can exploit this vulnerability remotely by manipulating the fileUrl argument in requests to the affected endpoint, gaining unauthorized access. No authentication or privileges are required (PR:N), and the low attack complexity (AC:L) puts it within reach of unauthenticated remote actors. Successful exploitation has low impact on confidentiality, integrity, and availability, potentially allowing limited unauthorized file operations.

Advisories from VulDB, including entries at https://vuldb.com/vuln/358203 and related pages, detail the vulnerability but note that the vendor was contacted early without any response or patch release. No official mitigations or updates are available from the vendor as of the disclosure. Additional details are referenced at https://vuldb.com/submit/789982, https://vuldb.com/vuln/358203/cti, and https://vulnplus-note.wetolink.com/share/wgfZR6kXRApl.


Vulnerability details

A vulnerability was identified in kodcloud KodExplorer up to 4.52. It impacts the function fileGet of the file /app/controller/share.class.php in the component fileGet Endpoint. Manipulation of the argument fileUrl leads to improper authentication. The attack can be launched remotely.…

The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

CWE-287 Improper Authentication

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

An improper authentication vulnerability in the public-facing KodExplorer web app allows remote unauthenticated exploitation via fileUrl manipulation in the fileGet endpoint, which maps directly to exploitation of public-facing applications for initial access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71279 (shared CWE-287)
CVE-2024-13804 (shared CWE-287)
CVE-2024-57046 (shared CWE-287)
CVE-2026-1203 (shared CWE-287)
CVE-2026-1740 (shared CWE-287)
CVE-2025-43995 (shared CWE-287)
CVE-2026-7876 (shared CWE-287)
CVE-2025-0637 (shared CWE-287)
CVE-2025-61882 (shared CWE-287)
CVE-2026-0589 (shared CWE-287)

Affected Assets

Wetolink (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

prevent, AC-3 (Access Enforcement): enforces approved authorizations on endpoints such as fileGet to prevent unauthorized access via authentication bypass.

prevent: validates and sanitizes the fileUrl parameter to block manipulation that circumvents authentication checks.

prevent, AC-14 (Permitted Actions Without Identification or Authentication): limits what may be done without authentication, prohibiting unauthorized file operations on manipulated fileUrl requests.
