CVE-2026-42286

Published: Mag 09, 2026 Last Modified: Mag 09, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,4

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: active

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This issue has been patched in version 2.6.11.

352

Cross-Site Request Forgery (CSRF)

Stable

Abstraction: Compound Structure: Composite

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Availability Non-Repudiation Access Control

Potential Impacts:

Gain Privileges Or Assume Identity Bypass Protection Mechanism Read Application Data Modify Application Data Dos: Crash, Exit, Or Restart

Applicable Platforms

Technologies: Web Based, Web Server

Likelihood of Exploit: Medium

View CWE Details

https://github.com/emlog/emlog/security/advisories/GHSA-cqq…

https://github.com/emlog/emlog/security/advisories/GHSA-cqqp-rx28-gv2q

CVE-2026-42286

Description

Cross-Site Request Forgery (CSRF)

Common Consequences

Applicable Platforms

Iscriviti alla newsletter