Path Traversal Vulnerability in Emlog Pro by Emlog
CVE-2026-39276

7.2HIGH

Key Information:

Vendor

Emlog

Status
Vendor
CVE Published:
29 May 2026

What is CVE-2026-39276?

The template upload feature in Emlog Pro v2.6.9 contains a path traversal vulnerability that can be exploited by authenticated administrators. This flaw enables attackers to upload malicious ZIP files crafted with directory traversal sequences in their filenames. Such an action can lead to the overwriting of default template files or direct inclusion of malicious PHP code, posing significant risks to the integrity and security of the affected system.

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.