CVE Catalog

CVE-2026-37637

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.47%

37th percentile — higher than 37% of all known CVEs

Summary

A vulnerability in Alexantr filemanager v.1.0 allows a remote attacker to execute arbitrary code via the filemanager.php component. The issue stems from insufficient input validation or code injection protection.

Risk Assessment

An attacker can take over the server, steal data, or install malware, compromising the confidentiality, integrity, and availability of the system.

Recommendation

Immediately update Alexantr filemanager to the latest version or apply the available patch. If no update is available, disable or remove the filemanager.php component until a fix is deployed.

Original NVD description (English source)

An issue in Alexantr filemanager v.1.0 allows a remote attacker to execute arbitrary code via the filemanager.php component

Vulnerability data from NVD (NIST) · CISA KEV · EPSS