PatchSiren

Responsive FileManager CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL Responsive FileManager CVE published 2026-06-15

CVE-2026-5482

CVE-2026-5482 is a critical vulnerability in Responsive FileManager, a project that is currently unmaintained. The vulnerability allows an unauthenticated attacker to upload files of any type and extension without restriction using the dialog.php endpoint, leading to Remote Code Execution (RCE). This vulnerability was found in the latest release (9.14.0) of the project. The CVSS score for this vulnerabili [truncated]

HIGH Responsive FileManager CVE published 2026-05-28

CVE-2026-37266

A remote code execution vulnerability exists in Responsive FileManager version 9.14.0, specifically within the force_download.php component. The vulnerability allows a remote attacker to execute arbitrary code on affected systems. The CVSS 3.1 vector indicates network attack vector, low attack complexity, low privileges required, user interaction required, with high impact across confidentiality, integrit [truncated]