CVE-2026-8753

6.3 MEDIUM

A security vulnerability has been detected in kalcaddle Kodbox up to 1.64

Published: 2026-05-17 · Last updated: 2026-05-18

Severity and scoring

CVSS: 6.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-74, CWE-77

Description

A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.php of the component fileThumb Plugin. The manipulation of the argument ffmpegBin leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-8753
[Other]https://vuldb.com/submit/810109
[Other]https://vuldb.com/vuln/364380
[Other]https://vuldb.com/vuln/364380/cti
[Other]https://vulnplus-note.wetolink.com/share/R0hHqwMywhsm

Related CVEs

Same CWE

CVE-2024-24909 — Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin (8.8 HIGH)
CVE-2025-56814 — A code injection vulnerability in the wxExecute() function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding sh... (7.8 HIGH)
CVE-2026-12223 — A vulnerability was identified in Yealink SIP-T46U 108.86.0.118 (5.5 MEDIUM)
CVE-2026-12219 — A flaw has been found in Yealink SIP-T46U 108.86.0.118 (6.3 MEDIUM)
CVE-2026-12206 — A vulnerability was identified in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)