PatchSiren

Emlog CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Emlog CVE published 2026-05-29

CVE-2026-39276

A path traversal vulnerability in Emlog Pro v2.6.9 allows authenticated administrators to execute arbitrary PHP code via malicious template uploads. The vulnerability stems from insufficient validation of ZIP archive contents, permitting directory traversal sequences in filenames to overwrite default template files or inject malicious code directly into the active template. This requires high privileges ( [truncated]