CVE Catalog

CVE-2026-57647

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Summary

The Panorama Viewer – 360 Degree Image + Video Viewer plugin version 1.6.1 and earlier contains a Local File Inclusion (LFI) vulnerability exploitable by contributors. This allows an attacker with contributor privileges to read sensitive files on the server.

Risk Assessment

The risk involves potential leakage of confidential data, such as configuration files or passwords, which could lead to further attack escalation.

Recommendation

Immediately update the plugin to the latest available version that fixes this vulnerability. If an update is not possible, restrict contributor permissions or temporarily disable the plugin.

Original NVD description (English source)

Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS