CVE-2026-28123 - Vulnerability Analysis

Overview

AncoraThemes Veil <= 1.9 contains a file inclusion vulnerability caused by improper control of filename in include/require statements, letting remote attackers include local files, exploit requires crafted request.

Severity & Score

Impact

Remote attackers can include and execute local files, potentially leading to code execution or information disclosure.

Mitigation

Update to the latest version beyond 1.9.

References

• https://patchstack.com/database/Wordpress/Theme/veil/vulnerability/wordpress-veil-theme-1-9-local-file-inclusion-vulnerability?_s_id=cve

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 5, 2026

🟠 CVE-2026-28123 - High (8.1) Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Veil veil allows PHP Local File Inclusion.This issue affects Veil: from n/a through <= 1.9. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28123/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

• Vulnerability Intelligence Dashboard
• Credential Scanner