CRITICAL
4real
CVE published 2026-07-13
CVE-2026-6847
CVE-2026-6847 is a Remote Code Execution vulnerability in ThemisNETPanel. The application exposes an endpoint that allows unauthenticated attackers to upload arbitrary PHP files by providing a base64-encoded payload and to execute arbitrary code on the underlying server. This issue has been fixed by a patch released in April 2026. Affected users should prioritize patching and review compensating controls. [truncated]