CVE-2026-5482 | Responsive FileManager's allows an unauthenticated attacker … | CVSS 9.3 CRITICAL

Description

Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14.0

Metadata

CVE ID: CVE-2026-5482
State: PUBLISHED
Assigner: CERT-PL
Reserved: 2026-04-03 09:53 UTC
Published: 2026-06-15 11:44 UTC
Last updated: 2026-06-15 12:32 UTC
Primary CWE: CWE-434
CWE-434 Unrestricted Upload of File with Dangerous Type
Vendor / Product: Tecrail / Responsive FileManager
Sources: cve.org · NVD

Severity & Metrics

9.3 CRITICAL CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Tecrail	Responsive FileManager	—	0 ≤ 9.14.0

Weakness (CWE)

CWE	Source	Description
CWE-434	cna	CWE-434 Unrestricted Upload of File with Dangerous Type

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.3	CRITICAL	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

References (2)