CVE Catalog
CVE-2026-54837
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk0.28%
20th percentile — higher than 20% of all known CVEs
Summary
The Intranet & Private Site – All-In-One Intranet plugin version 1.8.1 and earlier contains an unauthenticated broken access control vulnerability. An attacker without authentication can gain unauthorized access to protected intranet resources.
Risk Assessment
The risk involves potential unauthorized access to sensitive data and intranet functions, which could lead to information disclosure or privilege escalation.
Recommendation
It is recommended to immediately update the plugin to a version newer than 1.8.1, where the vulnerability has been patched.
Original NVD description (English source)
Unauthenticated Broken Access Control in Intranet & Private Site – All-In-One Intranet <= 1.8.1 versions.

