CVE-2026-42286

Vulnerability Description

Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This issue has been patched in version 2.6.11.

Vulnerability Details

Published Date

May 08, 2026

Last Modified

May 12, 2026

CWE ID

CWE-352

Source

NVD

Vendor

emlog

Product

emlog

External References

https://github.com/emlog/emlog/security/advisories/GHSA-cqqp-rx28-gv2q

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment