CVE Catalog
CVE-2026-42382
HighCVSS 8.1Summary
The Audrey plugin version 1.5 and earlier contains an unauthenticated Local File Inclusion (LFI) vulnerability. An attacker can remotely read arbitrary files on the server without authentication.
Risk Assessment
The risk involves potential leakage of sensitive data such as configuration files, passwords, or source code, which could lead to further attack escalation.
Recommendation
Immediately update the Audrey plugin to the latest available version that fixes this vulnerability. If an update is not possible, consider temporarily disabling the plugin.
Original NVD description (English source)
Unauthenticated Local File Inclusion in Audrey <= 1.5 versions.

