None severityNVD Advisory· Published May 8, 2026· Updated May 12, 2026

CVE-2026-41517

Description

Emlog is an open source website building system. Prior to version 2.6.11, insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, leading to complete server compromise and persistent backdoor installation. This issue has been patched in version 2.6.11.

Affected products

Emlog/Emloginferred
Range: <2.6.11

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/emlog/emlog/security/advisories/GHSA-8qwx-6jx6-94x4nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000