CVE 9.3 CRITICAL

Remote Code Execution via Unrestricted File Upload in Responsive FileManager_CVE-2026-5482

June 15, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Description

Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution.

This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14.0

AI Analysis

Unauthenticated attackers can upload files of any type, leading to Remote Code Execution

Basic Information

ID CVE-2026-5482

Source CERT-PL

Published Jun 15, 2026 at 11:44

Affected Product

Vendor Tecrail

Product Responsive FileManager

Version 9.14.0

Affected Versions Tecrail Responsive FileManager 0

CWE Classification

CWE-434

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Tecrail

Product Responsive FileManager

Version 9.14.0

References

{
    "lastseen": "",
    "description": "Responsive FileManager's allows an unauthenticated\u00a0attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution.\u00a0\n\nThis project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release\u00a09.14.0",
    "published": "2026-06-15T11:44:46.963Z",
    "modified": "2026-06-15T11:44:46.963Z",
    "type": "cve",
    "title": "Remote Code Execution via Unrestricted File Upload in Responsive FileManager",
    "source": "CERT-PL",
    "references": "https://cert.pl/en/posts/2026/06/CVE-2026-5482\nhttps://github.com/trippo/ResponsiveFilemanager",
    "id": "CVE-2026-5482",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "Tecrail Responsive FileManager 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Responsive FileManager",
    "version": "9.14.0",
    "vendor": "Tecrail",
    "ai_description": "Unauthenticated attackers can upload files of any type, leading to Remote Code Execution",
    "ai_severity": "Critical",
    "ai_vendor": "Tecrail",
    "ai_product": "Responsive FileManager",
    "ai_version": "9.14.0",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply