CVE-2026-42286

high

Description

Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This issue has been patched in version 2.6.11.

References

https://github.com/emlog/emlog/security/advisories/GHSA-cqqp-rx28-gv2q

Details

Source: Mitre, NVD

Published: 2026-05-08

Updated: 2026-05-08

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Severity: Medium

CVSS v4

Base Score: 8.4

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:H/SI:L/SA:L

Severity: High

EPSS

EPSS: 0.00019

Detections

Analytics