🔐 CVE Alert

CVE-2026-6847

UNKNOWN 0.0

Unauthenticated Remote Code Execution in ThemisNETPanel

CVSS Score
0.0
EPSS Score
0.6%
EPSS Percentile
44th

Remote Code Execution vulnerability exists in ThemisNETPanel due to missing authentication for a critical file upload function. The application exposes an endpoint that allows unauthenticated attackers to upload arbitrary PHP files by providing a base64-encoded payload and to execute arbitrary code on the underlying server. This issue has been fixed by a patch released in April 2026.

CWE CWE-306
Vendor 4real
Product themisnetpanel
Published Jul 13, 2026
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for 4real themisnetpanel

Be the first to know when new unknown vulnerabilities affecting 4real themisnetpanel are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

4real / ThemisNETPanel
0 < 04.2026

References

NVD ↗ CVE.org ↗ EPSS Data ↗
cert.pl: https://cert.pl/posts/2026/07/CVE-2026-6847/

Credits

Kamil Szczurowski Robert Kruczek