CVE-2026-34895 WebGeniusLab CVE debrief

Who should care

Administrators and users of Softlab Core plugin versions < 1.2.11 should be aware of this vulnerability and take necessary actions to update to a patched version. Security teams should prioritize this vulnerability due to its HIGH severity and potential impact on affected systems.

Technical summary

CVE-2026-34895 is a local file inclusion vulnerability in Softlab Core plugin versions < 1.2.11. The vulnerability allows unauthenticated attackers to include local files, potentially leading to code execution, data exposure, or other malicious activities. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a HIGH severity. The weakness associated with this vulnerability is CWE-98.

Defensive priority

HIGH

Recommended defensive actions

• Update Softlab Core plugin to version 1.2.11 or later
• Restrict access to sensitive files and directories
• Implement additional security measures to prevent local file inclusion attacks
• Monitor systems for suspicious activity
• Consider using a Web Application Firewall (WAF) to detect and prevent attacks
• Regularly review and update software dependencies to ensure timely patching of vulnerabilities

Evidence notes

The information provided is based on data from the NVD database and Patchstack. The CVE record and NVD detail pages provide additional information about the vulnerability. However, due to the limited information available, further research may be necessary to fully understand the vulnerability and its potential impact.

Official resources