CVE-2026-2560 | kalcaddle kodbox up to 1.64.05 Media File Preview Plugin VideoResize.class.php run localFile os command injection

February 15, 2026 Yanac

A vulnerability, which was classified as critical, was found in kalcaddle kodbox up to 1.64.05. The impacted element is the function run of the file plugins/fileThumb/lib/VideoResize.class.php of the component Media File Preview Plugin. Such manipulation of the argument localFile leads to os command injection.

This vulnerability is documented as CVE-2026-2560. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More