CVE-2026-27412
StylemixThemes · Pearl - Corporate Business
A Local File Inclusion (LFI) vulnerability exists in the Pearl - Corporate Business theme, allowing unauthenticated attackers to read sensitive files on the server.
Executive summary
An unauthenticated Local File Inclusion vulnerability in the StylemixThemes Pearl - Corporate Business theme poses a severe risk of unauthorized file access and potential server compromise.
Vulnerability
This vulnerability is a Local File Inclusion (LFI) flaw that allows an unauthenticated attacker to manipulate file paths and access arbitrary files on the underlying server. Because no authentication is required, any remote actor can exploit this to read sensitive configuration files or credentials.
Business impact
Successful exploitation of this flaw can lead to the exposure of sensitive system files, configuration data, and potentially database credentials, facilitating further attacks. With a CVSS score of 8.1, this is a high-severity issue that could result in a complete compromise of the web application and unauthorized access to hosted data.
Remediation
Immediate Action: Update the Pearl - Corporate Business theme to the latest version provided by the vendor.
Proactive Monitoring: Review web server access logs for requests containing directory traversal sequences (e.g., ../) or attempts to access system files like /etc/passwd.
Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to block directory traversal and unauthorized file inclusion attempts.
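The log review described under Proactive Monitoring can be scripted. The following is an added example, not vendor or advisory code: it assumes Combined Log Format access logs, and the path /example.php and parameter name "file" in the sample lines are hypothetical, since the advisory does not name the affected endpoint. It goes beyond the literal ../ check by decoding percent-encoded and double-encoded forms before matching.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')
# ".." as a whole path segment, after '/', '=', '?' or '&' (or at the start).
TRAVERSAL_RE = re.compile(r'(?:^|[/=?&])\.\.(?:/|$)')
# The advisory names /etc/passwd; extend this tuple for your own platform.
SYSTEM_FILES = ("/etc/passwd",)

def fully_decode(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")  # treat backslash separators the same

def classify(target):
    """Return the reasons a request target looks like an LFI probe."""
    decoded = fully_decode(target)
    reasons = []
    if TRAVERSAL_RE.search(decoded):
        reasons.append("traversal")
    if any(path in decoded.lower() for path in SYSTEM_FILES):
        reasons.append("system-file")
    return reasons

def scan(lines):
    """Return (ip, status, target, reasons) for every suspicious log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (reasons := classify(m["target"])):
            hits.append((m["ip"], int(m["status"]), m["target"], reasons))
    return hits

# Constructed sample lines; /example.php and "file" are hypothetical names.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2026:10:01:02 +0000] "GET /example.php?file=../../../../etc/passwd HTTP/1.1" 200 1532 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Mar/2026:10:01:05 +0000] "GET /example.php?file=%252e%252e%252fsecret.txt HTTP/1.1" 404 210 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Mar/2026:10:02:11 +0000] "GET /blog/release-notes..2/ HTTP/1.1" 200 8841 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Mar/2026:10:03:40 +0000] "GET /example.php?file=..%5C..%5Cnotes.txt HTTP/1.1" 403 199 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for ip, status, target, reasons in scan(SAMPLE_LOG):
        # A 200 response to a flagged request should be reviewed first.
        print(ip, status, ",".join(reasons), target)
```

Flagged requests that returned status 200 should be triaged first, since they indicate the server served a response rather than rejecting the path.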
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high CVSS score and the ability for unauthenticated attackers to access sensitive files, this vulnerability must be treated with extreme urgency. Administrators should verify their current version and apply security patches as soon as they are released to prevent potential data exfiltration or system compromise.