CVE-2026-4588 | kalcaddle kodbox 1.64 Site-level API key shareOut.class.php shareSafeGroup sk hard-coded key

A vulnerability, which was classified as problematic, has been found in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the component Site-level API key Handler. This manipulation of the argument sk causes use of hard-coded cryptographic key
.

This vulnerability appears as CVE-2026-4588. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More