CVE-2026-5482
CriticalCVSS 9.3Exploitation Probability (EPSS)
Low risk35th percentile — higher than 35% of all known CVEs
Summary
Responsive FileManager allows an unauthenticated attacker to upload files of any type and extension without restriction using the dialog.php endpoint, leading to Remote Code Execution.
Risk Assessment
Exploitation of this vulnerability may lead to serious security incidents, including an attacker gaining control over the system.
Recommendation
It is recommended to immediately update Responsive FileManager to the latest version or implement appropriate security measures to block file uploads by unauthorized users.
Original NVD description (English source)
Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14.0

