CVE-2026-22395

Name of the Vulnerable Software and Affected Versions Mikado-Themes Fiorello versions prior to 1.1

Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion. The affected component is the Fiorello theme.

Recommendations Update to Fiorello version 1.1 or later.