Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
Run Gran ThemeREX Allows Access to Local Files
CVE-2026-28086
Summary
The Run Gran theme from ThemeREX may allow hackers to access and view local files on a website, potentially exposing sensitive information. This is a risk because it allows unauthorized access to files that should be private. Update to the latest version of Run Gran to fix this issue.
Original title
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Run Gran run-gran allows PHP Local File Inclusion.This issue affect...
Original description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Run Gran run-gran allows PHP Local File Inclusion.This issue affects Run Gran: from n/a through <= 2.0.
nvd CVSS3.1
8.1
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026