CVE Catalog

CVE-2026-54845

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

19th percentile — higher than 19% of all known CVEs

Summary

The vulnerability allows an unauthenticated attacker to include arbitrary local files on the server in MDTF plugin versions up to and including 1.3.8.

Risk Assessment

An attacker can read sensitive configuration files, credentials, or source code, leading to information disclosure and potential attack escalation.

Recommendation

Immediately update the MDTF plugin to a version newer than 1.3.8 that contains the fix for this vulnerability.

Original NVD description (English source)

Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS