CVE Catalog

CVE-2026-54837

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

The Intranet & Private Site – All-In-One Intranet plugin version 1.8.1 and earlier contains an unauthenticated broken access control vulnerability. An attacker without authentication can gain unauthorized access to protected intranet resources.

Risk Assessment

The risk involves potential unauthorized access to sensitive data and intranet functions, which could lead to information disclosure or privilege escalation.

Recommendation

It is recommended to immediately update the plugin to a version newer than 1.8.1, where the vulnerability has been patched.

Original NVD description (English source)

Unauthenticated Broken Access Control in Intranet &amp; Private Site &#8211; All-In-One Intranet <= 1.8.1 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS