CVE-2026-5482

CRITICAL EPSS 35.5%

Published Jun 15, 20262w ago · Modified Jun 17, 20261w ago

9.3 CVSS 4.0

Critical

Published Jun 15, 2026 2w ago

Last Modified Jun 17, 2026 1w ago

Description

Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14.0

CVSS Details

Base Score

9.3

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

35.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-434 Unrestricted Upload of File with Dangerous Type Resource Mgmt

References 2

cert.pl https://cert.pl/en/posts/2026/06/CVE-2026-5482
github.com https://github.com/trippo/ResponsiveFilemanager

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.