cvedb.io
CVE-2026-42286
UNKNOWN · CVSS n/a
EPSS exploitation probability: 0%
Published 2026-05-08T22:16:32.910 · Last modified 2026-06-17T10:47:38.180

Summary

Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This issue has been patched in version 2.6.11.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.