PatchSiren cyber security CVE debrief
CVE-2026-49111 ThemeGrill CVE debrief
A HIGH severity vulnerability (CVSS 8.8) was found in Masteriyo - LMS, allowing for Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0.
- Vendor
- ThemeGrill
- Product
- Masteriyo - LMS
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Masteriyo - LMS, particularly those using versions from n/a through 2.2.0, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability, classified as CWE-266, is an Incorrect Privilege Assignment issue in the Masteriyo - LMS plugin. This allows for Privilege Escalation, with a CVSS score of 8.8, indicating a HIGH severity.
Defensive priority
HIGH
Recommended defensive actions
- Update Masteriyo - LMS to a version beyond 2.2.0 if available.
- Review and adjust privileges for users of Masteriyo - LMS to minimize potential impact.
- Monitor for any suspicious activity related to privilege escalation in Masteriyo - LMS.
Evidence notes
Evidence for this CVE comes from the National Vulnerability Database (NVD) and Patchstack.
Official resources
-
CVE-2026-49111 CVE record
CVE.org
-
CVE-2026-49111 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-49111 was published and modified on 2026-06-15T14:16:35.973Z.