CVE-2026-39276

Published: May 29, 2026

Modified: May 29, 2026

PUBLISHED

Description

The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containing directory traversal sequences in filenames, an attacker can overwrite default template files or directly include malicious code files in the current template.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.emlog.net/

https://github.com/LING12138-sg/Emlog-v2.6.9-Vulnerability-Report

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-39276

Description

Affected Products

References