NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-42286

Summary	Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This issue has been patched in version 2.6.11.
Publication Date	May 9, 2026, 7:16 a.m.
Registration Date	May 10, 2026, 4:09 a.m.
Last Update	May 9, 2026, 7:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/emlog/emlog/security/advisories/GHSA-cqqp-rx28-gv2q	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-352	クロスサイト・リクエスト・フォージェリ（CSRF）	https://cwe.mitre.org/data/definitions/352.html
2	CWE-352	同一生成元ポリシー違反	https://cwe.mitre.org/data/definitions/346.html