CVE-2026-22367
Local File Inclusion in AncoraThemes Coworking
Publication date: 2026-02-20
Last updated on: 2026-02-24
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ancorathemes | coworking | to 1.6.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-22367 is a Local File Inclusion (LFI) vulnerability found in the WordPress Coworking Theme versions up to and including 1.6.1.
This vulnerability allows an unauthenticated attacker to include and display local files from the target website by exploiting improper control of filename for include/require statements in PHP.
As a result, sensitive information such as database credentials can be exposed.
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': 'Exploitation of this vulnerability can lead to exposure of sensitive information including database credentials.'}, {'type': 'paragraph', 'content': "Depending on the website's configuration, an attacker could achieve a complete database takeover."}, {'type': 'paragraph', 'content': 'This represents a high risk to the security and integrity of the affected website.'}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'CVE-2026-22367 is a Local File Inclusion (LFI) vulnerability in the WordPress Coworking Theme up to version 1.6.1 that allows an attacker to include and display local files. Detection typically involves monitoring for suspicious HTTP requests attempting to exploit the LFI, such as requests containing file path traversal patterns or attempts to include sensitive files.'}, {'type': 'paragraph', 'content': 'While no specific commands are provided in the available resources, common detection methods include inspecting web server logs for unusual URL parameters that include file paths, for example, requests containing strings like "../../" or attempts to access files such as "/etc/passwd".'}, {'type': 'paragraph', 'content': 'Network intrusion detection systems (NIDS) or web application firewalls (WAF) can be configured to alert on such suspicious patterns. Patchstack has released a mitigation rule to block attacks targeting this vulnerability, which can also aid in detection.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Since no official patch is currently available for the Coworking Theme vulnerability CVE-2026-22367, immediate mitigation steps include applying the Patchstack mitigation rule designed to block attacks targeting this Local File Inclusion vulnerability.
Additionally, it is recommended to restrict access to sensitive files on the server, implement strict input validation and sanitization for any user-supplied input, and consider disabling or limiting the use of PHP include/require statements that use user input.
Monitoring and blocking suspicious requests via a web application firewall (WAF) or intrusion detection system (IDS) can also help reduce the risk of exploitation until an official fix is released.