
Description

Responsive FileManager allows an unauthenticated attacker to upload files of any type and extension without restriction using the dialog.php endpoint, leading to Remote Code Execution. This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release, 9.14.0.

PUBLISHED Reserved 2026-04-03 | Published 2026-06-15 | Updated 2026-06-15 | Assigner CERT-PL




CRITICAL: 9.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status: unaffected

Any version: affected

Credits

Kamil Szczurowski finder

Robert Kruczek finder

References

cert.pl/en/posts/2026/06/CVE-2026-5482 third-party-advisory

github.com/trippo/ResponsiveFilemanager product

cve.org (CVE-2026-5482)

nvd.nist.gov (CVE-2026-5482)
