Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2026-40383: WordPress File Inclusion Vulnerability Allows Local File Access

CVE-2026-40383

Summary

A vulnerability in WordPress allows attackers to access files on the server by tricking the system into thinking they are legitimate URLs. This could lead to sensitive data exposure or malicious code execution. To fix this, update WordPress to the latest version and ensure all plugins and themes are up-to-date as well.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions
joomla	joomla\!	>= 3.2.1, < 5.4.6 >= 6.0.0, < 6.1.1 `cpe:2.3:a:joomla:joomla\!::::::::`

Original title

An improper validation of user-supplied input leads to a local file inclusion vulnerability.

Original description

An improper validation of user-supplied input leads to a local file inclusion vulnerability.

nvd CVSS4.0 7.5

Vulnerability type

CWE-22 Path Traversal

https://developer.joomla.org/security-centre/1041-20260509-core-lfi-in-htmlview-...

Published: 26 May 2026 · Updated: 27 May 2026 · First seen: 26 May 2026