CVE-2026-28086
Local File Inclusion Vulnerability in Run Gran PHP Theme
Publication date: 2026-03-05
Last updated on: 2026-03-05
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| themerex | run_gran | to 2.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-28086 is a Local File Inclusion (LFI) vulnerability found in the WordPress Run Gran Theme versions up to and including 2.0.
This vulnerability allows unauthenticated attackers to exploit improper control of filename parameters in PHP include/require statements, enabling them to include and display local files from the target website.
It is classified under OWASP Top 10 A3: Injection vulnerabilities.
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': 'Exploitation of this vulnerability can expose sensitive files on the affected website, such as files containing database credentials.'}, {'type': 'paragraph', 'content': "This exposure could potentially lead to a complete database takeover depending on the website's configuration."}, {'type': 'paragraph', 'content': 'The vulnerability has a high severity score (CVSS 8.1), indicating a high risk and likelihood of exploitation.'}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'CVE-2026-28086 is a Local File Inclusion (LFI) vulnerability that allows unauthenticated attackers to include and display local files from the target website. Detection typically involves monitoring for suspicious HTTP requests attempting to exploit the include/require statements in the Run Gran theme.'}, {'type': 'paragraph', 'content': 'While no specific commands are provided, common detection methods include inspecting web server logs for unusual URL parameters that reference local files, such as requests containing directory traversal patterns (e.g., ../) or attempts to include sensitive files like /etc/passwd or configuration files.'}, {'type': 'list_item', 'content': 'Use tools like grep to search web server access logs for suspicious patterns, for example: grep -E "(\\.{2}/|etc/passwd|config)" /var/log/apache2/access.log'}, {'type': 'list_item', 'content': 'Employ web application firewalls (WAFs) or intrusion detection systems (IDS) with rules targeting LFI attack signatures.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Since no official patch is currently available for the Run Gran theme, immediate mitigation involves applying the Patchstack mitigation rule that blocks attacks exploiting this vulnerability.
Users are strongly advised to implement Patchstackβs mitigation measures promptly to secure their websites until an official patch can be developed, tested, and safely applied.
- Apply Patchstackβs mitigation rule to block exploitation attempts.
- Monitor your website and server logs for suspicious activity related to LFI attempts.
- Consider temporarily disabling or replacing the vulnerable theme if possible.