CVE-2026-27065 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: March 19, 2026
ThimPress BuilderPress - Local File Inclusion
Overview
ThimPress BuilderPress <= 2.0.1 contains a local file inclusion caused by improper control of filename in include/require statements, letting attackers include local files, exploit requires crafted input.
Severity & Score
Impact
Attackers can include local files, potentially leading to code execution or information disclosure.
Mitigation
Update to the latest version beyond 2.0.1.
Social Media Activity(3 posts)
šØ CRITICAL: CVE-2026-27065 in ThimPress BuilderPress (ā¤2.0.1) lets attackers perform unauthenticated RFI, risking full WordPress compromise. Disable plugin & harden PHP configs immediately! https://radar.offseq.com/threat/cve-2026-27065-cwe-98-improper-control-of-filename-c54e685b #OffSeq #WordPress #Vuln #RFI #CVE202627065
View original post
š“ CVE-2026-27065 - Critical (9.8) Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress allows PHP Local File Inclusion.This issue affects BuilderPress: from n/a through 2.0.1. š https://www.thehackerwire.com/vulnerability/CVE-2026-27065/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postš“ CVE-2026-27065 - Critical (9.8) Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress allows PHP Local File Inclusion.This issue affects BuilderPress: from n/a through 2.0.1. š https://www.thehackerwire.com/vulnerability/CVE-2026-27065/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-27065
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- file_inclusion
- Status
- unconfirmed
- EPSS
- 11.5%
- Social Posts
- 3
CWE
- CWE-98
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H