PatchSiren cyber security CVE debrief
CVE-2026-57792 Mikado-Themes CVE debrief
CVE-2026-57792 is a HIGH severity vulnerability in D? by Mikado-Themes. The issue is an Improper Control of Filename for Include/Require Statement in PHP Program, allowing for PHP Local File Inclusion. This vulnerability affects D? from n/a through version 2.4.1. Users of D? by Mikado-Themes, version 2.4.1 or earlier, should apply patches or mitigations. The CVSS score is 7.5, and it is classified as HIGH severity.
- Vendor
- Mikado-Themes
- Product
- Dør
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of D? by Mikado-Themes, version 2.4.1 or earlier, should apply patches or mitigations. System administrators and security teams responsible for managing and securing D? installations should prioritize patching or mitigating this vulnerability. Additionally, operators and platform administrators may need to review and update inventory of installed themes and plugins.
Technical summary
The vulnerability, CVE-2026-57792, is a PHP Remote File Inclusion issue in the D? theme by Mikado-Themes. It has a CVSS score of 7.5 and is classified as HIGH severity. The issue affects D? from n/a through version 2.4.1. This vulnerability allows for PHP Local File Inclusion due to improper control of filename for include/require statements in PHP programs.
Defensive priority
Apply patches or updates for D? by Mikado-Themes, version 2.4.1 or earlier. Review and update inventory of installed themes and plugins. Monitor for suspicious activity related to file inclusion.
Recommended defensive actions
- Apply patches or updates for D? by Mikado-Themes, version 2.4.1 or earlier.
- Review and update inventory of installed themes and plugins.
- Monitor for suspicious activity related to file inclusion.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
Evidence notes
Evidence is limited; verify vulnerability with official records and vendor information. The CVE record was published on 2026-07-13T10:16:43.270Z and has not been modified since then. Limited source detail is available, so defenders should exercise caution and verify the vulnerability with official records and vendor information.
Official resources
-
CVE-2026-57792 CVE record
CVE.org
-
CVE-2026-57792 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:43.270Z and has not been modified since then.