CVE-2026-52716 purethemes CVE debrief

Who should care

Administrators and users of WorkScout-Core versions <= 1.7.11 should be aware of this vulnerability and take necessary actions to protect their systems. This vulnerability can be exploited by unauthenticated attackers, making it a significant concern for anyone using the affected software.

Technical summary

The vulnerability, identified as CVE-2026-52716, is caused by an unauthenticated arbitrary file deletion weakness in WorkScout-Core versions <= 1.7.11. This weakness can be exploited by attackers to delete files without authentication, potentially leading to data loss and system compromise. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L.

Defensive priority

medium

Recommended defensive actions

• Update WorkScout-Core to a version greater than 1.7.11
• Restrict access to sensitive files and directories
• Implement authentication and authorization mechanisms
• Monitor system logs for suspicious activity
• Consider using a Web Application Firewall (WAF) to detect and prevent attacks
• Regularly back up important data to prevent data loss

Evidence notes

The information provided is based on data from the CVE Program and NVD. The CVE record and NVD detail pages provide further information about this vulnerability. The vendor and product information is currently unknown, but a mitigation reference is available from Patchstack.

Official resources