CVE-2026-32401

NONE EPSS 0.05%

Mar 13, 2026

Updated Mar 13, 2026

PHP

Parameter	Value
Type	CWE-98
Vendor	PHP
Public PoC	No

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows PHP Local File Inclusion.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.9.

Weakness Type (CWE)

CWE-98

References 1

https://patchstack.com/database/Wordpress/Plugin/sprout-invoices/vulnerability/…

audit@patchstack.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-32426

PHP

7.5

CVE-2026-32400

PHP

7.5

CVE-2026-32393

PHP

None

CVE-2026-32392

PHP

None

CVE-2026-32384

PHP

None

CVE Details

CVE ID

CVE-2026-32401

Published Date

Mar 13, 2026

Vendor

PHP

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 0.05%

Likelihood of exploitation in next 30 days

Percentile: 16.6th percentile (higher than 16.6% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

View Advisory

Menu

CVE-2026-32401

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-32426

CVE-2026-32400

CVE-2026-32393

CVE-2026-32392

CVE-2026-32384

CVE Details

Editor's Choice

Menu

CVE-2026-32401

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-32426

CVE-2026-32400

CVE-2026-32393

CVE-2026-32392

CVE-2026-32384

CVE Details

Editor's Choice

Stay informed on cybersecurity