CVE-2026-42286

EPSS 0.17%
Veröffentlicht 08.05.2026 21:51:11
Zuletzt bearbeitet 12.05.2026 16:45:18
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Emlog: Cross-Site Request Forgery in Admin Functions

Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This issue has been patched in version 2.6.11.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstelleremlog

≫

Produkt emlog

Version < 2.6.11

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.059

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	8.4	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://github.com/emlog/emlog/security/advisories/GHSA-cqqp-rx28-gv2q

https://nvd.nist.gov/vuln/detail/CVE-2026-42286

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-42286

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-42286

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-42286