Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
Alchemists PHP Software Allows Access to Local Files
CVE-2026-27334
Summary
The Alchemists software has a security flaw that allows attackers to access and read files on the server where it's installed. This is a significant risk because it could allow unauthorized access to sensitive information. To fix this, update to a version of Alchemists 4.6.0 or later.
Original title
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dan_fisher Alchemists alchemists allows PHP Local File Inclusion.This issue ...
Original description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dan_fisher Alchemists alchemists allows PHP Local File Inclusion.This issue affects Alchemists: from n/a through <= 4.6.0.
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026