What is the CVSS score of CVE-2026-32400?

CVE-2026-32400 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of PHP are affected by CVE-2026-32400?

A Local File Inclusion vulnerability in ThemetechMount Boldman (versions 7.7 and earlier) could allow attackers to access sensitive files on affected systems, potentially exposing confidential data…

PHP CVE-2026-32400

Q: How to fix or mitigate CVE-2026-32400?

Within 24 hours: Identify all systems running Boldman version 7.7 or earlier and assess exposure to untrusted user input. Within 7 days: Implement compensating controls including WAF rules to block malicious file inclusion attempts and restrict application file access permissions. Within 30 days: Contact ThemetechMount for patch availability, plan upgrade strategy to a patched version, and conduct file access audit to detect potential exploitation.

EUVD-2026-11917 HIGH

PHP Remote File Inclusion (CWE-98)

2026-03-13 Patchstack

PHP Information Disclosure LFI

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 22, 2026 - 21:37 vuln.today

cvss_changed

EUVD ID Assigned

Mar 13, 2026 - 16:57 euvd

EUVD-2026-11917

Analysis Generated

Mar 13, 2026 - 16:57 vuln.today

CVE Published

Mar 13, 2026 - 11:42 nvd

HIGH 7.5

DescriptionNVD

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion.This issue affects Boldman: from n/a through <= 7.7.

AnalysisAI

A PHP remote file inclusion vulnerability exists in the ThemetechMount Boldman theme that allows attackers to include arbitrary local files, potentially leading to remote code execution. The vulnerability affects all Boldman theme versions up to and including version 7.7, enabling authenticated attackers with low privileges to compromise the system through malicious file inclusion. …

RemediationAI

Within 24 hours: Identify all systems running Boldman version 7.7 or earlier and assess exposure to untrusted user input. Within 7 days: Implement compensating controls including WAF rules to block malicious file inclusion attempts and restrict application file access permissions. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-32400 vulnerability details – vuln.today

Back

PHP CVE-2026-32400

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code