CVE-2026-5482

Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14.0

CVSS

No CVSS.

References

Link	Resource
https://cert.pl/en/posts/2026/06/CVE-2026-5482
https://github.com/trippo/ResponsiveFilemanager

Configurations

No configuration.

History

15 Jun 2026, 12:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-15 12:16

Updated : 2026-06-17 10:59

NVD link : CVE-2026-5482

Mitre link : CVE-2026-5482

CVE.ORG link : CVE-2026-5482

JSON object : View

Products Affected

No product.

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2026-5482", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "cvd@cert.pl"}], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-5482", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-06-15T12:32:30.749356Z"}}], "cvssMetricV40": [{"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "cvd@cert.pl", "affectedData": [{"repo": "https://github.com/trippo/ResponsiveFilemanager", "vendor": "Tecrail", "product": "Responsive FileManager", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "9.14.0"}], "programFiles": ["filemanager/dialog.php"], "defaultStatus": "unaffected"}]}], "published": "2026-06-15T12:16:25.947", "references": [{"url": "https://cert.pl/en/posts/2026/06/CVE-2026-5482", "source": "cvd@cert.pl"}, {"url": "https://github.com/trippo/ResponsiveFilemanager", "source": "cvd@cert.pl"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Responsive FileManager's allows an unauthenticated\u00a0attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution.\u00a0\n\nThis project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release\u00a09.14.0"}], "lastModified": "2026-06-17T10:59:06.477", "sourceIdentifier": "cvd@cert.pl"}

CVE-2026-5482

JSON object

Attach tags to CVE-2026-5482

Attach tags to `CVE-2026-5482`