CVE-2026-28086 - Vulnerability Analysis

Overview

ThemeREX Run Gran <= 2.0 contains a local file inclusion caused by improper control of filename in include/require statements, letting attackers include local files, exploit requires crafted input.

Severity & Score

Impact

Attackers can include and execute local files, potentially leading to code execution or information disclosure.

Mitigation

Update to the latest version beyond 2.0.

References

• https://patchstack.com/database/Wordpress/Theme/run-gran/vulnerability/wordpress-run-gran-theme-2-0-local-file-inclusion-vulnerability?_s_id=cve

Related Resources

• Vulnerability Intelligence Dashboard
• Credential Scanner