← back
CVE-2026-5482

Remote Code Execution via Unrestricted File Upload in Responsive FileManager

CVSS 9.3 CRITICALEPSS 0.4%CWE-434
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.3EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 Jun 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution.  This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L