Auth bypass in 4real Themisnetpanel
CVE-2026-6847
Remote Code Execution vulnerability exists in ThemisNETPanel due to missing authentication for a critical file upload function. The application exposes an endpoint that allows unauthenticated attackers to upload arbitrary PHP files by prov…
Vulnerability class: Broken Authentication
Affected products
- 4real Themisnetpanel — versions 0
Weakness classification (CWE)
References
- cvd@cert.pl (third-party-advisory)