What is CVE-2026-28086?

CVE-2026-28086 is a high-severity vulnerability in the ThemeREX Run Gran WordPress theme, allowing for PHP Local File Inclusion. Organizations must prioritize patching immediately to mitigate risks associated with this vulnerability.

What is the severity of CVE-2026-28086?

CVE-2026-28086 has a severity rating of HIGH with a CVSS base score of 8.1.

CVE-2026-28086 | High Vulnerability in ThemeREX Run Gran

CVE-2026-28086 is a high-severity vulnerability affecting the ThemeREX Run Gran WordPress theme. This vulnerability allows improper control of the filename for include/require statements in PHP programs, specifically allowing PHP Local File Inclusion (LFI). The severity of this vulnerability is rated as high with a CVSS score of 8.1, indicating significant risk to organizations that utilize this theme. The vulnerability is particularly concerning due to its potential impact on confidentiality, integrity, and availability.

Organizations must prioritize patching immediately to mitigate risks associated with this vulnerability. The exploitation of this vulnerability can lead to unauthorized access to sensitive information and system manipulation.

The vulnerability was published on March 5, 2026, and affects all versions of the Run Gran theme up to and including version 2.0. Given the nature of the vulnerability, it is crucial for administrators to review their use of this theme and implement necessary updates as soon as possible.

Currently, there are no known exploits available, but the potential for exploitation exists due to the nature of the flaw. Organizations should remain vigilant and monitor any updates provided by the vendor regarding this vulnerability.

It is essential for organizations using the ThemeREX Run Gran theme to assess their risk and take immediate actions to safeguard their environments against potential exploitation.

Vulnerability Details

The CVE description indicates an improper control of filename for include/require statements, leading to PHP Local File Inclusion vulnerabilities. This issue affects the ThemeREX Run Gran theme, specifically versions from n/a through <= 2.0. The CVSS score of 8.1 indicates a high severity level, highlighting the critical nature of the vulnerability.

Technical Analysis

The root cause of this vulnerability stems from insufficient validation of input used in include/require statements, allowing attackers to manipulate the file path. The attack vector is network-based, which requires no privileges or user interaction to exploit. The complexity of the attack is rated as high, as it may require specific conditions to be met for successful exploitation.

If successfully exploited, the impacts include high confidentiality, integrity, and availability risks, as attackers could potentially access sensitive files and execute arbitrary code.

Risk & Impact Analysis

Risk to organizations includes unauthorized access to sensitive information and potential system manipulation. The blast radius is significant, as exploitation could lead to a complete compromise of the affected system. Organizations should assess their exposure to this vulnerability and prioritize remediation efforts based on the CVSS score and potential impact.

Given the current state of the vulnerability, organizations should address this in their priority patch cycle to prevent potential exploitation.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The vulnerability affects the ThemeREX Run Gran theme from version n/a through <= 2.0. Organizations using this theme must ensure they are operating on a patched version to mitigate risks.

Mitigation & Remediation

Organizations should update to the latest version of the ThemeREX Run Gran theme to remediate this vulnerability. If patches are not available, consider implementing configuration hardening measures to restrict file inclusion functionalities.

For ongoing protection, organizations should engage in penetration testing to identify similar weaknesses.

Detection Guidance

Security teams should monitor for unusual file inclusion patterns and log indicators that may suggest attempts to exploit this vulnerability. Additionally, behavioral anomalies in the application should be investigated promptly.

AppSecure Threat Intelligence Insight

CVE-2026-28086 represents a critical risk within the WordPress ecosystem, particularly for users of the ThemeREX Run Gran theme. This vulnerability highlights the ongoing challenges of securing PHP applications against local file inclusion vulnerabilities.

Security teams must remain proactive in monitoring for vulnerabilities and ensuring that their environments are patched against known threats. The patterns observed with this vulnerability may serve as a lesson in the importance of robust input validation and file handling in web applications.

For further insights on securing web applications, organizations can refer to the following resources: web application penetration testing, vulnerability management programs, and penetration testing methodologies for comprehensive security strategies.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-28086: High Vulnerability in ThemeREX Run Gran