Emlog Pro · Emlog Pro · CVE-2026-39276
**Name of the Vulnerable Software and Affected Versions**
Emlog Pro version 2.6.9
**Description**
The template upload feature contains a path traversal issue, which occurs when an application uses user-supplied input to construct a pathname that is then used in a file operation. This allows authenticated administrators to execute arbitrary PHP code by uploading a malicious ZIP archive containing directory traversal sequences in filenames. This process enables the overwriting of default template files or the direct inclusion of malicious code files within the current template.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.