PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-57792 Mikado-Themes CVE debrief

CVE-2026-57792 is a HIGH severity vulnerability in D? by Mikado-Themes. The issue is an Improper Control of Filename for Include/Require Statement in PHP Program, allowing for PHP Local File Inclusion. This vulnerability affects D? from n/a through version 2.4.1. Users of D? by Mikado-Themes, version 2.4.1 or earlier, should apply patches or mitigations. The CVSS score is 7.5, and it is classified as HIGH severity.

Vendor
Mikado-Themes
Product
Dør
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Users of D? by Mikado-Themes, version 2.4.1 or earlier, should apply patches or mitigations. System administrators and security teams responsible for managing and securing D? installations should prioritize patching or mitigating this vulnerability. Additionally, operators and platform administrators may need to review and update inventory of installed themes and plugins.

Technical summary

The vulnerability, CVE-2026-57792, is a PHP Remote File Inclusion issue in the D? theme by Mikado-Themes. It has a CVSS score of 7.5 and is classified as HIGH severity. The issue affects D? from n/a through version 2.4.1. This vulnerability allows for PHP Local File Inclusion due to improper control of filename for include/require statements in PHP programs.

Defensive priority

Apply patches or updates for D? by Mikado-Themes, version 2.4.1 or earlier. Review and update inventory of installed themes and plugins. Monitor for suspicious activity related to file inclusion.

Recommended defensive actions

  • Apply patches or updates for D? by Mikado-Themes, version 2.4.1 or earlier.
  • Review and update inventory of installed themes and plugins.
  • Monitor for suspicious activity related to file inclusion.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.

Evidence notes

Evidence is limited; verify vulnerability with official records and vendor information. The CVE record was published on 2026-07-13T10:16:43.270Z and has not been modified since then. Limited source detail is available, so defenders should exercise caution and verify the vulnerability with official records and vendor information.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:43.270Z and has not been modified since then.