PatchSiren cyber security CVE debrief
CVE-2026-57744 stmcan CVE debrief
A Deserialization of Untrusted Data vulnerability exists in stmcan RT-Theme 18 | Extensions rt18-extensions, potentially allowing Object Injection. The issue affects RT-Theme 18 | Extensions from n/a through version 2.5. The vulnerability has a CVSS score of 9.8 and is classified as CRITICAL. This vulnerability could allow an attacker to inject malicious objects, potentially leading to arbitrary code execution or other security issues. The CVE record was published on 2026-07-13T10:16:40.690Z and has not been modified since then.
- Vendor
- stmcan
- Product
- RT-Theme 18 | Extensions
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Administrators and users of RT-Theme 18 | Extensions rt18-extensions should be aware of this vulnerability, especially if they are using versions up to 2.5. This includes operators, platform administrators, vulnerability management teams, and security teams who need to assess the impact and take necessary actions.
Technical summary
The vulnerability is caused by insecure deserialization of untrusted data in the rt18-extensions plugin. This could allow an attacker to inject malicious objects, potentially leading to arbitrary code execution or other security issues. The affected product is RT-Theme 18 | Extensions, with versions from n/a through 2.5 being vulnerable. The CVSS score of 9.8 indicates a high severity vulnerability.
Defensive priority
High
Recommended defensive actions
- Update RT-Theme 18 | Extensions to a version beyond 2.5 if available
- Restrict access to the affected plugin
- Monitor for suspicious activity related to object injection
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
The CVE record was published on 2026-07-13T10:16:40.690Z and has not been modified since then. The NVD entry is currently in the 'Received' status. This information is based on the NVD entry and the CVE record. The vulnerability affects RT-Theme 18 | Extensions from n/a through version 2.5. The CVSS score is 9.8, classified as CRITICAL. Administrators and users should be aware of this vulnerability, especially if they are using versions up to 2.5.
Official resources
-
CVE-2026-57744 CVE record
CVE.org
-
CVE-2026-57744 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:40.690Z and has not been modified since then. The NVD entry is currently in the 'Received' status.