CVE-2026-39276

Name of the Vulnerable Software and Affected Versions Emlog Pro version 2.6.9

Description The template upload feature contains a path traversal issue, which occurs when an application uses user-supplied input to construct a pathname that is then used in a file operation. This allows authenticated administrators to execute arbitrary PHP code by uploading a malicious ZIP archive containing directory traversal sequences in filenames. This process enables the overwriting of default template files or the direct inclusion of malicious code files within the current template.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.