VYPR
High severity7.2NVD Advisory· Published May 29, 2026· Updated Jun 11, 2026

CVE-2026-39276

CVE-2026-39276

Description

The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containing directory traversal sequences in filenames, an attacker can overwrite default template files or directly include malicious code files in the current template.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Emlog/Emlog2 versions
    cpe:2.3:a:emlog:emlog:2.6.9:*:*:*:pro:*:*:*+ 1 more
    • cpe:2.3:a:emlog:emlog:2.6.9:*:*:*:pro:*:*:*
    • (no CPE)range: = 2.6.9

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.