Remote Code Execution Vulnerability in ThemisNETPanel by ThemisNET
CVE-2026-6847

9.3CRITICAL

Key Information:

Vendor

4real

Vendor
CVE Published:
13 July 2026

What is CVE-2026-6847?

A Remote Code Execution vulnerability exists in ThemisNETPanel due to inadequate authentication mechanisms on a critical file upload feature. This flaw allows unauthenticated attackers to upload malicious PHP files by utilizing a base64-encoded payload. Once the upload is successful, attackers can execute arbitrary code on the server, compromising the system's integrity and security. The issue was addressed with a patch released in April 2026.

Affected Version(s)

ThemisNETPanel 0 < 04.2026

References

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kamil Szczurowski
Robert Kruczek
.