PatchSiren cyber security CVE debrief
CVE-2026-48836 MantraBrain CVE debrief
CVE-2026-48836 is a critical vulnerability in the Easy Invoice plugin, affecting versions up to 2.1.19. This vulnerability allows for unauthenticated remote code execution (RCE), posing a significant risk to affected systems. The vulnerability has a CVSS score of 10, indicating the highest severity level. The CVE was published on 2026-06-15T21:17:15.970Z and last modified on 2026-06-15T21:24:32.790Z.
- Vendor: MantraBrain
- Product: Easy Invoice
- CVSS: CRITICAL 10
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Administrators and users of the Easy Invoice plugin, especially those using versions up to 2.1.19, should be aware of this vulnerability and take immediate action to mitigate the risk.
Technical summary
The weakness in the Easy Invoice plugin is classified as CWE-94 (Improper Control of Generation of Code, "Code Injection"). The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, indicating that the vulnerability can be exploited remotely with low attack complexity, without requiring any privileges or user interaction. The vector also marks the scope as changed and rates the impact on confidentiality, integrity and availability as high.
Defensive priority
High
Recommended defensive actions
- Update the Easy Invoice plugin to a version that is not vulnerable (if available).
- Refer to the vendor or mitigation references for more information on securing the affected systems. [ref-4]
Evidence notes
The vulnerability information was obtained from the National Vulnerability Database (NVD) and Patchstack. [nvd] [ref-4]
Official resources
- CVE-2026-48836 CVE record (CVE.org)
- CVE-2026-48836 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2026-48836 was disclosed on 2026-06-15T21:17:15.970Z.