PatchSiren cyber security CVE debrief
CVE-2026-57795 themelexus CVE debrief
CVE-2026-57795 is a HIGH severity vulnerability in the Kitchor theme, with a CVSS score of 7.5. The vulnerability is caused by Improper Control of Filename for Include/Require Statement in PHP Program, allowing for PHP Local File Inclusion. The affected product is Kitchor, with versions from n/a through <= 1.4.3 vulnerable. This vulnerability can lead to unauthorized access, code execution, and potentially compromise the affected system. Users of Kitchor theme version 1.4.3 or earlier should apply patches or mitigations to prevent potential PHP Local File Inclusion attacks. The vulnerability can be exploited remotely, and high priority should be given to patching or mitigating this vulnerability.
- Vendor
- themelexus
- Product
- Kitchor
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of Kitchor theme version 1.4.3 or earlier should apply patches or mitigations to prevent potential PHP Local File Inclusion attacks. This includes operators, platform administrators, vulnerability management teams, and security teams who need to review and mitigate this vulnerability.
Technical summary
The vulnerability exists due to improper control of filenames in the Kitchor theme, allowing attackers to include local files via PHP. This can lead to unauthorized access, code execution, and potentially compromise the affected system. The affected product is Kitchor, with versions from n/a through <= 1.4.3 vulnerable. The vulnerability can be exploited remotely, and high priority should be given to patching or mitigating this vulnerability.
Defensive priority
High priority should be given to patching or mitigating this vulnerability, as it can be exploited remotely and can lead to unauthorized access, code execution, and potentially compromise the affected system.
Recommended defensive actions
- Apply patches or updates provided by the vendor
- Implement compensating controls, such as web application firewalls
- Monitor for suspicious activity and exception tracking
- Review and verify the existence of affected product deployments in managed environments
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
Evidence notes
Evidence is limited; primary official records indicate a HIGH severity vulnerability in Kitchor theme versions <= 1.4.3. The vulnerability exists due to improper control of filenames in the Kitchor theme, allowing attackers to include local files via PHP. This can lead to unauthorized access, code execution, and potentially compromise the affected system. Defenders should verify the existence of affected product deployments, review official advisories, and plan for vendor-supported updates or mitigations.
Official resources
-
CVE-2026-57795 CVE record
CVE.org
-
CVE-2026-57795 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:43.643Z and has not been modified since then.