CSRF in Emlog

CVE-2026-34228

Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQL and ZIP URLs via GET parameters. The server first downloads and executes the SQL file, then downloads the ZIP file an…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.000 (1.0th percentile) — read the EPSS interpretation.

Affected products

Emlog — versions < 2.6.8

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

https://github.com/emlog/emlog/security/advisories/GHSA-2rcc-jg83-34vp (x_refsource_CONFIRM)
https://github.com/emlog/emlog/commit/4c3b8f3486e2c9caafee38a5eedb3cd16f8c8d6f (x_refsource_MISC)