CVE-2026-46687
Emlog Local File Inclusion (LFI)
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Emlog is an open source website building system. In 2.6.13 and earlier, the article publishing interface stores a path-traversal template parameter from api_controller.php without validation, and log_controller.php later checks file_exists and calls include View::getView($template), allowing an authenticated author to include an arbitrary local .php file when an article is viewed. No fixed version is currently identified.
| CWE | CWE-24 CWE-98 |
| Vendor | emlog |
| Product | emlog |
| Published | Jul 16, 2026 |
| Last Updated | Jul 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for emlog emlog
Be the first to know when new unknown vulnerabilities affecting emlog emlog are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
emlog / emlog
<= 2.6.13