CVE-2026-22389
Awaiting Analysis Awaiting Analysis - Queue
Local File Inclusion Vulnerability in Mikado-Themes Cocco

Publication date: 2026-03-05

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Cocco cocco allows PHP Local File Inclusion.This issue affects Cocco: from n/a through <= 2.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-03-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22389
EUVD
EUVD-2026-9530
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mikado-themes cocco to 1.5.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-98 The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-22389 is a Local File Inclusion (LFI) vulnerability found in the WordPress Cocco Theme versions up to and including 1.5.1. It allows an unauthenticated attacker to include and display local files from the target website by exploiting improper control of filename parameters in PHP include/require statements.'}, {'type': 'paragraph', 'content': "This vulnerability is classified under the OWASP Top 10 category A3: Injection, indicating it involves injection of unintended input that can manipulate the program's behavior."}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': 'Exploitation of this vulnerability can allow attackers to access and display sensitive local files on the affected website, such as database credentials.'}, {'type': 'paragraph', 'content': "Depending on the website's configuration, this could lead to a complete database takeover, posing a severe security risk."}, {'type': 'paragraph', 'content': 'The vulnerability has a high severity score of 8.1, indicating it is highly dangerous and likely to be exploited in the wild.'}] [1]

Compliance Impact

I don't know

Detection Guidance

This vulnerability allows an unauthenticated attacker to include and display local files from the target website, which may be detected by monitoring for suspicious HTTP requests attempting to access local files via the vulnerable theme.

Since no official patch is available, detection can involve checking web server logs for unusual requests targeting the Cocco theme, especially those attempting to include local files.

Specific commands are not provided in the available resources, but general detection methods include using tools like grep to search web server logs for suspicious patterns or using web application firewalls with rules targeting this vulnerability.

Mitigation Strategies

Immediate mitigation steps include applying the Patchstack mitigation rule that can block attacks targeting this vulnerability until an official patch is released.

Since no official patch is currently available for the Cocco theme, it is recommended to implement security controls such as web application firewalls and restrict access to sensitive files on the server.

Monitoring and blocking suspicious requests that attempt to exploit the Local File Inclusion vulnerability can help reduce risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22389. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart