CVE Catalog

CVE-2026-39276

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.27%

51th percentile - higher than 51% of all known CVEs

Summary

The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containing directory traversal sequences in filenames, an attacker can overwrite default template files or directly include malicious code files in the current template.

Risk Assessment

This vulnerability poses a serious risk to system security as it allows attackers to execute arbitrary code on the server, potentially leading to system takeover. This could result in data loss, file deletion, or other harmful actions.

Recommendation

It is recommended to immediately update Emlog Pro to the latest version to mitigate this vulnerability. Additionally, restrict file upload capabilities to trusted users and monitor system logs for potential attack attempts.

Original NVD description (English source)

The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containing directory traversal sequences in filenames, an attacker can overwrite default template files or directly include malicious code files in the current template.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS