CVE-2026-37637
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk37th percentile — higher than 37% of all known CVEs
Summary
A vulnerability in Alexantr filemanager v.1.0 allows a remote attacker to execute arbitrary code via the filemanager.php component. The issue stems from insufficient input validation or code injection protection.
Risk Assessment
An attacker can take over the server, steal data, or install malware, compromising the confidentiality, integrity, and availability of the system.
Recommendation
Immediately update Alexantr filemanager to the latest version or apply the available patch. If no update is available, disable or remove the filemanager.php component until a fix is deployed.
Original NVD description (English source)
An issue in Alexantr filemanager v.1.0 allows a remote attacker to execute arbitrary code via the filemanager.php component

