Remote Code Execution Vulnerability in ThemisNETPanel by ThemisNET
CVE-2026-6847
9.3CRITICAL
What is CVE-2026-6847?
A Remote Code Execution vulnerability exists in ThemisNETPanel due to inadequate authentication mechanisms on a critical file upload feature. This flaw allows unauthenticated attackers to upload malicious PHP files by utilizing a base64-encoded payload. Once the upload is successful, attackers can execute arbitrary code on the server, compromising the system's integrity and security. The issue was addressed with a patch released in April 2026.
Affected Version(s)
ThemisNETPanel 0 < 04.2026
