Unauthenticated Local File Inclusion in Pearl - Corporate Business <= 3.4.10 versions.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0 matched skills already investigate, long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2026-27412 represents a critical unauthenticated local file inclusion (LFI) vulnerability affecting Pearl Corporate Business versions 3.4.10 and below. This CWE-98 weakness allows attackers to read arbitrary files from the server without authentication, potentially exposing sensitive configuration files, credentials, source code, and business data. Organizations running vulnerable versions of Pearl Corporate Business face immediate risk of information disclosure, which can serve as a stepping stone for further attacks. The unauthenticated nature of this vulnerability makes it particularly dangerous—attackers require no valid credentials or system access to exploit it, only network connectivity to the affected application.
While this CVE currently lacks mapped MITRE ATT&CK techniques in public disclosure, Casky's Claude-powered analysis would detect the attack patterns associated with LFI exploitation through behavioral skill mapping. A practitioner using Casky would identify reconnaissance activities (T1592: Gather Victim Org Information, T1526: Enumerate Cloud Resources) as attackers probe for file paths, followed by credential access patterns (T1110: Brute Force attempts on common file locations) and defense evasion techniques (T1027: Obfuscated Files or Information) used to encode malicious file paths. Extended reasoning analysis would correlate suspicious HTTP requests containing path traversal sequences (../, encoded variants) with successful file reads, surfacing the exploit chain before lateral movement occurs. Security practitioners would see these distinct behavioral signals clustered in their findings, enabling early detection and containment.
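The correlation described above (traversal sequences, plain or encoded, matched against the response status) can be run over web access logs. This is an added example, not Casky's code or part of the original page; the log lines, the `example_param` parameter name and the file names are constructed, and treating a 2xx response with a non-empty body as a possible read is an assumption to confirm against the actual response content.

```python
import re
from urllib.parse import unquote

# Combined-log-format fields: client IP, request target, status, body size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# Parent-directory step with either separator, checked after decoding.
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')

def normalize(target, max_rounds=3):
    """Percent-decode repeatedly so double encoding (%252e) is unmasked."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(target)
        if decoded == target:
            break
        target, rounds = decoded, rounds + 1
    return target, rounds

def classify(line):
    """Return a finding dict for a traversal request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    decoded, rounds = normalize(m["target"])
    if not TRAVERSAL_RE.search(decoded):
        return None
    size = 0 if m["size"] == "-" else int(m["size"])
    # Assumption: 2xx plus a body means the read may have worked; an app
    # that answers errors with 200 will need a content check as well.
    ok = m["status"].startswith("2") and size > 0
    return {"ip": m["ip"], "decoded": decoded, "encoded_layers": rounds,
            "verdict": "possible-read" if ok else "probe"}

def triage(lines):
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2026:10:00:00 +0000] "GET /?example_param=../../etc/hostname HTTP/1.1" 200 1873',
    '203.0.113.7 - - [01/Jan/2026:10:00:02 +0000] "GET /?example_param=%252e%252e%252fexample.conf HTTP/1.1" 404 0',
    '198.51.100.4 - - [01/Jan/2026:10:00:05 +0000] "GET /about/ HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2026:10:00:07 +0000] "GET /?example_param=..%2f..%2fexample.conf HTTP/1.1" 200 412',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Findings with `verdict` of `possible-read` are the ones to prioritise for containment; `encoded_layers` above 1 indicates deliberate double encoding rather than a browser artefact.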
© 2026 Casky.AI, Inc. · AI Security Investigation