CVE-2026-31954

Name of the Vulnerable Software and Affected Versions Emlog versions 2.6.6 and earlier

Description Emlog is an open source website building system. The delete async action lacks a call to LoginAuth::checkToken(), which allows for Cross-Site Request Forgery (CSRF) attacks. The vulnerable action is delete async.

Recommendations Versions prior to 2.6.6 should be updated.