CVE-2026-6847
Unauthenticated Remote Code Execution in ThemisNETPanel
CVSS Score
0.0
EPSS Score
0.6%
EPSS Percentile
44th
Remote Code Execution vulnerability exists in ThemisNETPanel due to missing authentication for a critical file upload function. The application exposes an endpoint that allows unauthenticated attackers to upload arbitrary PHP files by providing a base64-encoded payload and to execute arbitrary code on the underlying server. This issue has been fixed by a patch released in April 2026.
| CWE | CWE-306 |
| Vendor | 4real |
| Product | themisnetpanel |
| Published | Jul 13, 2026 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for 4real themisnetpanel
Be the first to know when new unknown vulnerabilities affecting 4real themisnetpanel are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
4real / ThemisNETPanel
0 < 04.2026
Credits
Kamil Szczurowski Robert Kruczek