CVE-2026-27047
Local File Inclusion Vulnerability in Mikado-Themes Curly Core
Publication date: 2026-03-25
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mikado-themes | curly_core | to 2.1.6 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-27047 is a Local File Inclusion (LFI) vulnerability affecting the WordPress Curly Core Plugin versions up to and including 2.1.6. It arises from improper control of filenames used in PHP include or require statements, allowing unauthenticated attackers to include and display local files from the target website.
This vulnerability is classified as high priority with a CVSS score of 8.1 and falls under the OWASP Top 10 category A3: Injection.
How can this vulnerability impact me? :
The vulnerability allows attackers to access and display sensitive local files on the affected website, such as database credentials.
This exposure can lead to a complete database takeover depending on the website's configuration, potentially compromising the entire site.
Because it is exploitable by unauthenticated attackers, it poses a significant security risk to affected websites.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The CVE-2026-27047 vulnerability allows unauthenticated attackers to include and display local files from the target website, which can be detected by monitoring for suspicious HTTP requests attempting to exploit Local File Inclusion (LFI) patterns.
Common detection methods include inspecting web server logs for requests containing file inclusion patterns such as "?file=", "?include=", or directory traversal sequences like "../".
Example commands to detect potential exploitation attempts on a Linux system include:
- grep -iE "(\?file=|\?include=|\.\./)" /var/log/apache2/access.log
- tail -f /var/log/nginx/access.log | grep -i "include"
Additionally, network intrusion detection systems (NIDS) can be configured to alert on suspicious HTTP requests that match LFI attack signatures.
What immediate steps should I take to mitigate this vulnerability?
Since no official patch is currently available for CVE-2026-27047, immediate mitigation steps include applying the mitigation rule provided by Patchstack to block attacks exploiting this Local File Inclusion vulnerability.
Users are strongly advised to update the Curly Core plugin immediately once an official patch is released.
In the meantime, seek assistance from your hosting provider or web developer to implement available mitigations and monitor your website for suspicious activity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthenticated attackers to include and display local files from the target website, potentially exposing sensitive information such as database credentials.
Exposure of sensitive data could lead to a complete database takeover depending on the website's configuration.
Such exposure of sensitive information may result in non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access.