CVE-2026-27051
Received Received - Intake
Incorrect Privilege Assignment in Golo ≀ 1.7.0 Enables Escalation

Publication date: 2026-03-25

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Incorrect Privilege Assignment vulnerability in uxper Golo golo allows Privilege Escalation.This issue affects Golo: from n/a through <= 1.7.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-27051
EUVD
EUVD-2026-15769
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
uxper golo to 1.7.0 (inc)
patchstack golo to 1.7.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

CVE-2026-27051 is a high-severity privilege escalation vulnerability that allows an unauthenticated attacker to gain higher privileges and potentially full control over affected websites using the WordPress Golo Theme up to version 1.7.0.

Such unauthorized privilege escalation can lead to unauthorized access to sensitive data, which may result in violations of common standards and regulations like GDPR and HIPAA that require strict access controls and protection of personal and health information.

Therefore, if exploited, this vulnerability could compromise compliance with these regulations by enabling attackers to bypass authentication and access or manipulate protected data.

No official patch is currently available, but mitigations exist to reduce the risk until a patch is released.

Executive Summary

CVE-2026-27051 is a high-severity privilege escalation vulnerability in the WordPress Golo Theme versions up to and including 1.7.0.

This vulnerability allows an unauthenticated attacker to escalate a low-privileged account to higher privileges, potentially gaining full control over the affected website.

It falls under the OWASP Top 10 category A7: Identification and Authentication Failures.

Impact Analysis

The vulnerability can allow attackers to escalate privileges from a low-privileged user to a higher privileged user or administrator.

This can lead to attackers gaining full control over the affected website.

Such control can result in unauthorized changes, data theft, website defacement, or further exploitation of the server hosting the website.

Mitigation Strategies

CVE-2026-27051 is a critical privilege escalation vulnerability affecting the WordPress Golo Theme up to version 1.7.0, allowing unauthenticated attackers to gain higher privileges.

No official patch is currently available for this vulnerability.

Patchstack has released a mitigation rule that can block attacks exploiting this flaw until an official patch is developed and applied.

  • Apply the Patchstack mitigation rule immediately.
  • Seek assistance from your hosting provider or web developer to implement the mitigation.
  • Perform continuous security monitoring to detect and prevent exploitation attempts.
Detection Guidance

There is no specific information provided about commands or direct detection methods for this vulnerability in the available resources.

However, users are strongly advised to apply the mitigation rule released by Patchstack to block attacks exploiting this flaw until an official patch is available.

Continuous security monitoring and seeking assistance from hosting providers or web developers are recommended to detect and prevent exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27051. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart