PT-2026-57818 · Unknown · Themisnetpanel

Kamil Szczurowski

+1

·

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-6847

CVSS v4.0

9.3

Critical

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions ThemisNETPanel (affected versions not specified)
Description A Remote Code Execution issue exists due to missing authentication for a critical file upload function. The application exposes an endpoint that allows unauthenticated attackers to upload arbitrary PHP files by providing a base64-encoded payload, enabling the execution of arbitrary code on the underlying server.
Recommendations Apply the patch released in April 2026.

Fix

RCE

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-6847

Affected Products

Themisnetpanel