PatchSiren cyber security CVE debrief
CVE-2026-54193 ThemeFusion CVE debrief
The CVE-2026-54193 vulnerability is a contributor arbitrary file deletion issue in Fusion Builder plugin versions <= 3.15.4. The vulnerability has a CVSS score of 7.7 and a HIGH severity. The CVE record was published on 2026-06-17T14:17:58.383Z and has not been modified since then. Users of Fusion Builder plugin versions <= 3.15.4 should review and apply patches from the vendor. The vulnerability allows contributors to delete arbitrary files.
- Vendor
- ThemeFusion
- Product
- Fusion Builder
- CVSS
- HIGH 7.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-17
Who should care
Users of Fusion Builder plugin versions <= 3.15.4 should review and apply patches from the vendor. The vulnerability allows contributors to delete arbitrary files. The CVSS score is 7.7 with a HIGH severity.
Technical summary
The CVE-2026-54193 vulnerability allows contributors to delete arbitrary files in Fusion Builder plugin versions <= 3.15.4. The CVSS score is 7.7 with a HIGH severity. The vulnerability's CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H. The vulnerability is a contributor arbitrary file deletion issue.
Defensive priority
High priority due to HIGH severity CVSS score and potential for significant impact.
Recommended defensive actions
- Review and apply patches from the vendor
- Inventory and update Fusion Builder plugin to version > 3.15.4
- Monitor for suspicious file deletion activities
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
Evidence notes
Evidence from official CVE services and NVD detail. Limited additional context available. The CVE record was published on 2026-06-17T14:17:58.383Z and has not been modified since then. The vulnerability allows contributors to delete arbitrary files in Fusion Builder plugin versions <= 3.15.4. Users of Fusion Builder plugin versions <= 3.15.4 should review and apply patches from the vendor. The CVSS score is 7.7 with a HIGH severity.
Official resources
-
CVE-2026-54193 CVE record
CVE.org
-
CVE-2026-54193 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T14:17:58.383Z and has not been modified since then.