CVE-2026-32367 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: March 16, 2026
Yannick Lefebvre Modal Dialog - Remote Code Inclusion
Published: March 13, 2026Updated: March 16, 2026Remote Exploitable
Overview
Yannick Lefebvre Modal Dialog <= 3.5.16 contains a remote code inclusion caused by improper control of code generation in modal-dialog, letting remote attackers execute arbitrary code, exploit requires no special privileges.
Severity & Score
Severity: Critical
CVSS Score: 9.1
Impact
Remote attackers can execute arbitrary code, potentially leading to full system compromise.
Mitigation
Update to the latest version beyond 3.5.16.
Related Resources
Details
- CVE ID
- CVE-2026-32367
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- file_inclusion
- Status
- unconfirmed
CWE
- CWE-94
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H