CVE-2026-27075

Name of the Vulnerable Software and Affected Versions Mikado-Themes Belfort versions n/a through 1.0

Description A flaw exists in the handling of filenames used in include/require statements within a PHP program, specifically a PHP Local File Inclusion issue in Mikado-Themes Belfort. This allows for the inclusion of local PHP files. The Include/Require statement does not properly validate the filename, leading to the possibility of including arbitrary files.

Recommendations Versions prior to 1.0 should be updated.