PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-57799 uxper CVE debrief

CVE-2026-57799 is a HIGH severity vulnerability in uxper Nuss nuss, with a CVSS score of 7.5. The vulnerability is classified as Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'). This issue affects Nuss from n/a through <= 1.3.6. Users of uxper Nuss nuss, particularly those using versions up to and including 1.3.6, should be aware of this vulnerability and take necessary precautions. The vulnerability exists in the uxper Nuss nuss plugin, allowing for PHP Local File Inclusion. High priority should be given to updating or patching the vulnerable uxper Nuss nuss plugin.

Vendor
uxper
Product
Nuss
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Users of uxper Nuss nuss, particularly those using versions up to and including 1.3.6, should be aware of this vulnerability and take necessary precautions. Operators, administrators, and security teams responsible for managing and securing uxper Nuss nuss deployments should prioritize patching or mitigating this vulnerability.

Technical summary

The vulnerability exists in the uxper Nuss nuss plugin, allowing for PHP Local File Inclusion. The issue affects Nuss from n/a through <= 1.3.6. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. This vulnerability can be exploited by an attacker to include files from the local file system, potentially leading to code execution.

Defensive priority

High priority should be given to updating or patching the vulnerable uxper Nuss nuss plugin.

Recommended defensive actions

  • Inventory and verify the uxper Nuss nuss plugin version.
  • Apply patches or updates provided by the vendor.
  • Implement compensating controls, such as monitoring and exception tracking.
  • Consider restricting access to the plugin's functionality.
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review.

Evidence notes

The vulnerability was reported by [email protected] and is listed in the NVD database. The CVE record was published on 2026-07-13T10:16:44.110Z and has not been modified since then. The source item URL for CVE-2026-57799 is available for further information.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:44.110Z and has not been modified since then.