CVE-2026-27986

Name of the Vulnerable Software and Affected Versions ThemeREX OsTende versions through 1.4.3

Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Local File Inclusion. This allows for the inclusion of local files.

Recommendations Update to a version later than 1.4.3.