CVE-2026-5482: CWE-434 Unrestricted Upload of File with Dangerous Type in Tecrail Responsive FileManager
Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14.0
AI Analysis
Technical Summary
CVE-2026-5482 is a critical vulnerability in Tecrail's Responsive FileManager that permits unauthenticated attackers to upload files with dangerous types and extensions through the dialog.php endpoint. This unrestricted file upload (CWE-434) can result in remote code execution on the affected system. The vulnerability affects all versions up to and including 9.14.0. The project is unmaintained, and no remediation level or patch has been provided by the vendor as of the CVE publication date.
Potential Impact
An attacker can upload arbitrary files without authentication, potentially leading to remote code execution. This compromises the confidentiality, integrity, and availability of the affected system. The CVSS 4.0 base score of 9.3 reflects the critical severity and ease of exploitation without any privileges or user interaction.
Mitigation Recommendations
No official fix or patch is available due to the project being unmaintained. Users should consider discontinuing use of Responsive FileManager or deploying compensating controls such as disabling file uploads, restricting access to the dialog.php endpoint, or isolating the application in a secure environment. Monitoring for suspicious activity and applying web application firewalls with strict upload filtering may help reduce risk until a secure alternative is adopted.
CVE-2026-5482: CWE-434 Unrestricted Upload of File with Dangerous Type in Tecrail Responsive FileManager
Description
Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14.0
CVSS v4.0
Score 9.3critical
Affected software
pkg:github/Responsive FileManagerRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-5482 is a critical vulnerability in Tecrail's Responsive FileManager that permits unauthenticated attackers to upload files with dangerous types and extensions through the dialog.php endpoint. This unrestricted file upload (CWE-434) can result in remote code execution on the affected system. The vulnerability affects all versions up to and including 9.14.0. The project is unmaintained, and no remediation level or patch has been provided by the vendor as of the CVE publication date.
Potential Impact
An attacker can upload arbitrary files without authentication, potentially leading to remote code execution. This compromises the confidentiality, integrity, and availability of the affected system. The CVSS 4.0 base score of 9.3 reflects the critical severity and ease of exploitation without any privileges or user interaction.
Mitigation Recommendations
No official fix or patch is available due to the project being unmaintained. Users should consider discontinuing use of Responsive FileManager or deploying compensating controls such as disabling file uploads, restricting access to the dialog.php endpoint, or isolating the application in a secure environment. Monitoring for suspicious activity and applying web application firewalls with strict upload filtering may help reduce risk until a secure alternative is adopted.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- CERT-PL
- Date Reserved
- 2026-04-03T09:53:14.018Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a2fe9580b89be6888e98679
Added to database: 6/15/2026, 12:00:24 PM
Last enriched: 6/15/2026, 12:15:14 PM
Last updated: 6/15/2026, 3:05:42 PM
Views: 15
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.