CVE-2026-21433

Name of the Vulnerable Software and Affected Versions Emlog versions up to and including 2.5.19

Description Emlog is vulnerable to server-side Out-of-Band (OOB) requests and Server-Side Request Forgery (SSRF) through the handling of uploaded SVG files. An attacker can upload a specially crafted SVG file via the /admin/media.php endpoint. When the server processes the SVG file, it makes HTTP requests to a host controlled by the attacker, leading to potential internal network probing and exposure of metadata or credentials.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.