SQL Injection Vulnerability in Emlog Website Building System
CVE-2026-42287

10CRITICAL

Key Information:

Vendor: Emlog
Status: Emlog
Vendor: CVE Published:; 8 May 2026

What is CVE-2026-42287?

Emlog, an open-source website building framework, has a vulnerability that allows attackers to execute arbitrary SQL commands through direct SQL injection during article creation and update functions. This flaw, present in versions before 2.6.11, could lead to significant security breaches, including complete database compromise and potential data theft or destruction. Users are advised to upgrade to version 2.6.11 or later to safeguard their systems. More details can be found in the official advisory.

Affected Version(s)

emlog < 2.6.11

References

https://github.com/emlog/emlog/security/advisories/GHSA-x...

x_refsource_CONFIRM

CVSS V4

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2026
Vulnerability Reserved
Apr 26, 2026

CVE-2026-42287 Data

JSON