CVE Catalog

CVE-2026-5482

CriticalCVSS 9.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.45%

35th percentile — higher than 35% of all known CVEs

Summary

Responsive FileManager allows an unauthenticated attacker to upload files of any type and extension without restriction using the dialog.php endpoint, leading to Remote Code Execution.

Risk Assessment

Exploitation of this vulnerability may lead to serious security incidents, including an attacker gaining control over the system.

Recommendation

It is recommended to immediately update Responsive FileManager to the latest version or implement appropriate security measures to block file uploads by unauthorized users.

Original NVD description (English source)

Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution.  This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14.0

Vulnerability data from NVD (NIST) · CISA KEV · EPSS