CVE Catalog
CVE-2026-27412
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk0.28%
20th percentile — higher than 20% of all known CVEs
Summary
The Pearl - Corporate Business plugin version 3.4.10 and earlier contains an unauthenticated Local File Inclusion (LFI) vulnerability. An attacker can remotely read arbitrary files on the server without requiring authentication.
Risk Assessment
The risk involves potential leakage of sensitive data such as configuration files, passwords, or source code, which could lead to further attack escalation.
Recommendation
Immediately update the Pearl - Corporate Business plugin to a version newer than 3.4.10 if available, or apply temporary mitigations blocking access to vulnerable files.
Original NVD description (English source)
Unauthenticated Local File Inclusion in Pearl - Corporate Business <= 3.4.10 versions.

