CVE Catalog
CVE-2026-54845
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk0.27%
19th percentile — higher than 19% of all known CVEs
Summary
The vulnerability allows an unauthenticated attacker to include arbitrary local files on the server in MDTF plugin versions up to and including 1.3.8.
Risk Assessment
An attacker can read sensitive configuration files, credentials, or source code, leading to information disclosure and potential attack escalation.
Recommendation
Immediately update the MDTF plugin to a version newer than 1.3.8 that contains the fix for this vulnerability.
Original NVD description (English source)
Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions.

