PT-2026-39202 · Emlog · Emlog
Lan041221 · Published 2026-05-08 · Updated 2026-05-12 · CVE-2026-42286
CVSS v4.0: 8.4 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Emlog versions prior to 2.6.11
Description
Missing Cross-Site Request Forgery (CSRF) protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions. These actions include system registration, plugin management, and configuration changes. CSRF is a flaw where a malicious site tricks a user's browser into sending an unauthorized request to a web application where the user is authenticated.
Recommendations
Update to version 2.6.11.
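To review whether administrators received cross-site requests before the update was applied, the following added example (not code from this advisory or from the Emlog project) scans combined-format access logs for admin-area requests whose Referer names another host. The site hostname, the `/admin/` prefix and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

SITE_HOST = "blog.example.test"   # assumption: your site's hostname
ADMIN_PREFIX = "/admin/"          # assumption: where the admin area is served

# Combined log format: ip ident user [time] "METHOD target proto" status bytes "referer" "ua"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)

def classify(line):
    """Return 'same-site', 'cross-site' or 'no-referer' for an admin request, else None."""
    m = LINE.match(line)
    if not m:
        return None
    target = urlsplit(m["target"])
    if not target.path.startswith(ADMIN_PREFIX):
        return None
    # Heuristic (assumption): keep POSTs and GETs with a query string; skip plain page loads.
    if m["method"] != "POST" and not target.query:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        return "no-referer"       # header stripped; cannot be judged from the log alone
    # Compare the exact hostname; a substring test would accept look-alike hosts.
    host = (urlsplit(referer).hostname or "").lower()
    return "same-site" if host == SITE_HOST else "cross-site"

def cross_site_admin_requests(lines):
    """Lines worth reviewing: admin requests that were initiated from another site."""
    return [line for line in lines if classify(line) == "cross-site"]

# Constructed sample log lines (paths, hosts and addresses are placeholders).
SAMPLE = [
    '198.51.100.4 - - [09/May/2026:10:01:02 +0000] "POST /admin/example-action HTTP/1.1" 302 0 "https://blog.example.test/admin/" "Mozilla/5.0"',
    '198.51.100.4 - - [09/May/2026:10:05:40 +0000] "POST /admin/example-action HTTP/1.1" 302 0 "https://other.example.net/page.html" "Mozilla/5.0"',
    '198.51.100.4 - - [09/May/2026:10:06:11 +0000] "GET /admin/example-action?op=placeholder HTTP/1.1" 200 512 "https://blog.example.test.lookalike.example/x" "Mozilla/5.0"',
    '198.51.100.4 - - [09/May/2026:10:07:30 +0000] "POST /admin/example-action HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [09/May/2026:10:08:00 +0000] "GET /index.php?post=1 HTTP/1.1" 200 4096 "https://other.example.net/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in cross_site_admin_requests(SAMPLE):
        print(hit)
```

Requests classified `no-referer` are not evidence either way, since a Referrer-Policy or privacy tool can strip the header; correlate them with admin session times and configuration change history.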
Exploit
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Emlog