PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-54193 ThemeFusion CVE debrief

The CVE-2026-54193 vulnerability is a contributor arbitrary file deletion issue in Fusion Builder plugin versions <= 3.15.4. The vulnerability has a CVSS score of 7.7 and a HIGH severity. The CVE record was published on 2026-06-17T14:17:58.383Z and has not been modified since then. Users of Fusion Builder plugin versions <= 3.15.4 should review and apply patches from the vendor. The vulnerability allows contributors to delete arbitrary files.

Vendor
ThemeFusion
Product
Fusion Builder
CVSS
HIGH 7.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Users of Fusion Builder plugin versions <= 3.15.4 should review and apply patches from the vendor. The vulnerability allows contributors to delete arbitrary files. The CVSS score is 7.7 with a HIGH severity.

Technical summary

The CVE-2026-54193 vulnerability allows contributors to delete arbitrary files in Fusion Builder plugin versions <= 3.15.4. The CVSS score is 7.7 with a HIGH severity. The vulnerability's CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H. The vulnerability is a contributor arbitrary file deletion issue.

Defensive priority

High priority due to HIGH severity CVSS score and potential for significant impact.

Recommended defensive actions

  • Review and apply patches from the vendor
  • Inventory and update Fusion Builder plugin to version > 3.15.4
  • Monitor for suspicious file deletion activities
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.

Evidence notes

Evidence from official CVE services and NVD detail. Limited additional context available. The CVE record was published on 2026-06-17T14:17:58.383Z and has not been modified since then. The vulnerability allows contributors to delete arbitrary files in Fusion Builder plugin versions <= 3.15.4. Users of Fusion Builder plugin versions <= 3.15.4 should review and apply patches from the vendor. The CVSS score is 7.7 with a HIGH severity.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T14:17:58.383Z and has not been modified since then.