CVE-2026-22367 is a vulnerability affecting AncoraThemes Coworking, a PHP-based coworking management software, in versions up to and including 1.6.1. The issue arises from improper validation and control over filenames used in PHP include or require statements. This flaw enables attackers to perform Remote File Inclusion (RFI) or Local File Inclusion (LFI), where malicious files can be included and executed on the server. The vulnerability is exploitable remotely over the network without requiring authentication or user interaction, though it has a high attack complexity, indicating some conditions must be met for successful exploitation. The impact is severe, allowing attackers to execute arbitrary code, leading to full system compromise including data theft, data manipulation, and denial of service. Despite the lack of known exploits in the wild, the CVSS v3.1 score of 8.1 reflects the critical nature of this vulnerability. The absence of patches or official fixes at this time necessitates immediate attention from administrators. The vulnerability is particularly dangerous in shared hosting or multi-tenant environments where an attacker could leverage this flaw to escalate privileges or move laterally. Proper input validation and sanitization of include paths are missing, which is the root cause of this vulnerability.

The impact of CVE-2026-22367 is significant for organizations using AncoraThemes Coworking software. Successful exploitation can lead to complete compromise of affected web servers, including unauthorized access to sensitive data, modification or deletion of data, and disruption of service availability. Attackers could execute arbitrary PHP code, potentially installing backdoors or malware, leading to persistent access and further network infiltration. This can result in data breaches, loss of customer trust, regulatory penalties, and operational downtime. Organizations relying on this software for coworking space management or booking systems face risks of service disruption and data integrity loss. The vulnerability's remote exploitability without authentication increases the attack surface, making it attractive for opportunistic attackers and advanced persistent threats alike. The lack of known exploits currently provides a window for proactive defense, but the high severity demands urgent mitigation to prevent future attacks.

To mitigate CVE-2026-22367, organizations should immediately apply any available patches or updates from AncoraThemes once released. In the absence of official patches, administrators should implement strict input validation and sanitization on all parameters used in include or require statements to prevent arbitrary file inclusion. Employing web application firewalls (WAFs) with rules to detect and block suspicious file inclusion attempts can provide temporary protection. Restrict PHP configuration settings such as 'allow_url_include' to 'Off' to prevent remote file inclusion. Use least privilege principles for web server and application file permissions to limit the impact of potential exploitation. Conduct thorough code reviews focusing on dynamic file inclusion logic and refactor code to avoid using user-controlled input in include paths. Monitor web server logs for unusual requests indicative of file inclusion attempts. Finally, consider isolating the application environment using containerization or sandboxing to reduce lateral movement risks.