Critical severityNVD Advisory· Published May 8, 2026· Updated May 12, 2026

CVE-2026-42287

Description

Emlog is an open source website building system. Prior to version 2.6.11, direct SQL injection in article creation and update functions allows attackers to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or system destruction. This issue has been patched in version 2.6.11.

Affected products

Emlog/Emloginferred
Range: <2.6.11

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/emlog/emlog/security/advisories/GHSA-xxj8-fc63-j3gwnvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000