PatchSiren cyber security CVE debrief
CVE-2026-52707 Mikado-Themes CVE debrief
CVE-2026-52707 is a HIGH severity vulnerability (CVSS Score: 8.1) in the Kastell theme, affecting versions <= 2.0. This vulnerability allows unauthenticated local file inclusion. The CVE was published on 2026-06-17T14:17:57.053Z and last modified on 2026-06-17T15:17:00.290Z. Users of Kastell theme versions <= 2.0 should take immediate action to mitigate this vulnerability.
- Vendor: Mikado-Themes
- Product: Kastell
- CVSS: HIGH 8.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-17
- Original CVE updated: 2026-06-17
- Advisory published: 2026-06-17
- Advisory updated: 2026-06-17
Who should care
Administrators and users of Kastell theme versions <= 2.0 should be aware of this vulnerability and take necessary actions to secure their installations.
Technical summary
The vulnerability is an unauthenticated local file inclusion (LFI) in Kastell theme versions <= 2.0. An attacker can cause the theme to include local files without authenticating, potentially leading to sensitive information disclosure or code execution. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H: network-reachable, high attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity and availability.
Defensive priority
HIGH
Recommended defensive actions
- Update Kastell theme to a version greater than 2.0.
- Restrict access to sensitive files and directories.
- Implement proper input validation and sanitization.
- Monitor for suspicious activity and implement logging and auditing.
- Consider using a Web Application Firewall (WAF) to detect and prevent attacks.
- Regularly review and update software and plugins.
- Limit access to the Kastell theme to only necessary users and groups.
Evidence notes
The information provided is based on data from the National Vulnerability Database (NVD) and Patchstack. The CVE record and NVD detail can be found at [cve-org] and [nvd] respectively. Additional information is available at [ref-4].
Official resources
- CVE-2026-52707 CVE record (CVE.org)
- CVE-2026-52707 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference (public)