CVE Catalog

CVE-2026-42382

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Summary

The Audrey plugin version 1.5 and earlier contains an unauthenticated Local File Inclusion (LFI) vulnerability. An attacker can remotely read arbitrary files on the server without authentication.

Risk Assessment

The risk involves potential leakage of sensitive data such as configuration files, passwords, or source code, which could lead to further attack escalation.

Recommendation

Immediately update the Audrey plugin to the latest available version that fixes this vulnerability. If an update is not possible, consider temporarily disabling the plugin.

Original NVD description (English source)

Unauthenticated Local File Inclusion in Audrey <= 1.5 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS