CVE-2026-42287 CRITICAL

CVE-2026-42287: Emlog: SQL Injection Vulnerability in log_model.php within addLog() and updateLog() Functions

Vendor: Emlog
Product: emlog
Weakness: CWE-89 (SQL injection)
Published: May 8, 2026
Last update: May 11, 2026

CVSS base score

10.0/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

Description

Emlog is an open source website building system. Prior to version 2.6.11, the article creation and update functions (addLog() and updateLog() in log_model.php) are vulnerable to direct SQL injection, which allows attackers to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or system destruction. This issue has been patched in version 2.6.11.

Key dates

Disclosure timeline

May 8, 2026: CVE published
May 11, 2026: Record updated