CSRF Vulnerability in Emlog Web Building System
CVE-2026-42286

8.4 HIGH

Key Information:

Vendor: Emlog

Status
Vendor
CVE Published: 8 May 2026

What is CVE-2026-42286?

The Emlog website building system is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability that affects versions prior to 2.6.11. Critical administrative functions lack adequate CSRF protection. By tricking an authenticated administrator into performing actions such as system registration, plugin management, and configuration changes, an attacker can potentially compromise the integrity and security of the entire system. Users are advised to update to version 2.6.11 or later to mitigate this risk.

Affected Version(s)

emlog < 2.6.11

CVSS V4

Score: 8.4
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
