Auth bypass in 4real Themisnetpanel

CVE-2026-6847

Remote Code Execution vulnerability exists in ThemisNETPanel due to missing authentication for a critical file upload function. The application exposes an endpoint that allows unauthenticated attackers to upload arbitrary PHP files by prov…

Vulnerability class: Broken Authentication

Affected products

Weakness classification (CWE)

References