Cross-Site Request Forgery in Emlog Leads to Vulnerabilities
CVE-2026-21430

7HIGH

Key Information:

Vendor: Emlog
Status: Emlog
Vendor: CVE Published:; 2 January 2026

What is CVE-2026-21430?

Emlog, an open-source website building system, has a security flaw in its article creation feature in version 2.5.23, which is susceptible to Cross-Site Request Forgery (CSRF). This vulnerability could allow an attacker to trick a user into posting articles containing malicious content without their consent. If exploited in conjunction with stored cross-site scripting (XSS), it could potentially lead to unauthorized account access. As of the latest update, no patched versions have been released to mitigate this risk.

Affected Version(s)

emlog = 2.5.23

References

https://github.com/emlog/emlog/security/advisories/GHSA-2...

x_refsource_CONFIRM

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 2, 2026
Vulnerability Reserved
Dec 29, 2025

CVE-2026-21430 Data

JSON