CVE Catalog

CVE-2026-27412

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

The Pearl - Corporate Business plugin version 3.4.10 and earlier contains an unauthenticated Local File Inclusion (LFI) vulnerability. An attacker can remotely read arbitrary files on the server without requiring authentication.

Risk Assessment

The risk involves potential leakage of sensitive data such as configuration files, passwords, or source code, which could lead to further attack escalation.

Recommendation

Immediately update the Pearl - Corporate Business plugin to a version newer than 3.4.10 if available, or apply temporary mitigations blocking access to vulnerable files.

Original NVD description (English source)

Unauthenticated Local File Inclusion in Pearl - Corporate Business <= 3.4.10 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS