CVE-2026-27412

StylemixThemes · Pearl - Corporate Business

A Local File Inclusion (LFI) vulnerability exists in the Pearl - Corporate Business theme, allowing unauthenticated attackers to read sensitive files on the server.

Executive summary

An unauthenticated Local File Inclusion vulnerability in the StylemixThemes Pearl - Corporate Business theme poses a severe risk of unauthorized file access and potential server compromise.

Vulnerability

This vulnerability is a Local File Inclusion (LFI) flaw that allows an unauthenticated attacker to manipulate file paths and access arbitrary files on the underlying server. Because no authentication is required, any remote actor can exploit this to read sensitive configuration files or credentials.

Business impact

Successful exploitation of this flaw can lead to the exposure of sensitive system files, configuration data, and potentially database credentials, facilitating further attacks. With a CVSS score of 8.1, this is a high-severity issue that could result in a complete compromise of the web application and unauthorized access to hosted data.

Remediation

Immediate Action: Update the Pearl - Corporate Business theme to the latest version provided by the vendor.

Proactive Monitoring: Review web server access logs for requests containing directory traversal sequences (e.g., ../) or attempts to access system files like /etc/passwd.

Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to block directory traversal and unauthorized file inclusion attempts.
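
The log review described under Proactive Monitoring, as an added example that is not part of the original advisory or any vendor tooling: it scans combined-format access log lines for the traversal sequences and system file paths named above, and goes beyond the literal ../ by percent-decoding the request target repeatedly so that encoded variants are caught too. The sample log lines, the `page` and `ref` parameters and the file names are constructed for illustration and are not the theme's actual endpoint.

```python
import re
from urllib.parse import unquote

# Client IP, request target and status from a combined-format access log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')

# Indicators named in the advisory: traversal sequences and system file paths.
INDICATORS = {
    "traversal": re.compile(r'\.\.[/\\]'),
    "system-file": re.compile(r'/etc/passwd', re.IGNORECASE),
}

def fully_decode(target, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded forms surface."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def scan(lines):
    """Return (client_ip, status, decoded_target, reasons) per suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable access log entry
        ip, target, status = m.groups()
        decoded = fully_decode(target)
        reasons = [name for name, rx in INDICATORS.items() if rx.search(decoded)]
        if reasons:
            hits.append((ip, int(status), decoded, reasons))
    return hits

# Constructed sample log lines (documentation IP ranges, hypothetical parameters).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2026:10:00:00 +0000] "GET /?page=../../../../etc/passwd HTTP/1.1" 200 1432 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jan/2026:10:00:02 +0000] "GET /?page=%252e%252e%252f%252e%252e%252fsecret.ini HTTP/1.1" 404 210 "-" "curl/8.0"',
    '203.0.113.20 - - [01/Jan/2026:10:01:00 +0000] "GET /about/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.21 - - [01/Jan/2026:10:02:00 +0000] "POST /contact/?ref=..%5Cconfig.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Flagged requests that received a 200 status deserve review first, since the server returned content for them.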

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high CVSS score and the ability of unauthenticated attackers to access sensitive files, this vulnerability must be treated with extreme urgency. Administrators should verify their current version and apply security patches as soon as they are released to prevent potential data exfiltration or system compromise.