{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34607", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-30T17:15:52.500Z", "datePublished": "2026-04-03T22:35:56.664Z", "dateUpdated": "2026-04-06T15:42:13.270Z"}, "containers": {"cna": {"title": "Emlog: Path Traversal in emUnZip() allows arbitrary file write leading to RCE", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/emlog/emlog/security/advisories/GHSA-2jg8-rmhm-xv9m", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/emlog/emlog/security/advisories/GHSA-2jg8-rmhm-xv9m"}], "affected": [{"vendor": "emlog", "product": "emlog", "versions": [{"version": "<= 2.6.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-03T22:35:56.664Z"}, "descriptions": [{"lang": "en", "value": "Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip() function (include/lib/common.php:793). When extracting ZIP archives (plugin/template uploads, backup imports), the function calls $zip->extractTo($path) without sanitizing ZIP entry names. An authenticated admin can upload a crafted ZIP containing entries with ../ sequences to write arbitrary files to the server filesystem, including PHP webshells, achieving Remote Code Execution (RCE). At time of publication, there are no publicly available patches."}], "source": {"advisory": "GHSA-2jg8-rmhm-xv9m", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/emlog/emlog/security/advisories/GHSA-2jg8-rmhm-xv9m", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T15:36:52.737844Z", "id": "CVE-2026-34607", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T15:42:13.270Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34607", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-06T15:36:52.737844Z"}}}], "references": [{"url": "https://github.com/emlog/emlog/security/advisories/GHSA-2jg8-rmhm-xv9m", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T15:37:02.381Z"}}], "cna": {"title": "Emlog: Path Traversal in emUnZip() allows arbitrary file write leading to RCE", "source": {"advisory": "GHSA-2jg8-rmhm-xv9m", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "emlog", "product": "emlog", "versions": [{"status": "affected", "version": "<= 2.6.2"}]}], "references": [{"url": "https://github.com/emlog/emlog/security/advisories/GHSA-2jg8-rmhm-xv9m", "name": "https://github.com/emlog/emlog/security/advisories/GHSA-2jg8-rmhm-xv9m", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip() function (include/lib/common.php:793). When extracting ZIP archives (plugin/template uploads, backup imports), the function calls $zip->extractTo($path) without sanitizing ZIP entry names. An authenticated admin can upload a crafted ZIP containing entries with ../ sequences to write arbitrary files to the server filesystem, including PHP webshells, achieving Remote Code Execution (RCE). At time of publication, there are no publicly available patches."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-03T22:35:56.664Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34607", "state": "PUBLISHED", "dateUpdated": "2026-04-06T15:42:13.270Z", "dateReserved": "2026-03-30T17:15:52.500Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-03T22:35:56.664Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emlog:emlog:*:*:*:*:pro:*:*:*", "matchCriteriaId": "87AE63DC-4F2B-44E3-8865-B6166722A5D6", "versionEndIncluding": "2.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip() function (include/lib/common.php:793). When extracting ZIP archives (plugin/template uploads, backup imports), the function calls $zip->extractTo($path) without sanitizing ZIP entry names. An authenticated admin can upload a crafted ZIP containing entries with ../ sequences to write arbitrary files to the server filesystem, including PHP webshells, achieving Remote Code Execution (RCE). At time of publication, there are no publicly available patches."}], "id": "CVE-2026-34607", "lastModified": "2026-04-13T17:37:26.993", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-03T23:17:04.423", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/emlog/emlog/security/advisories/GHSA-2jg8-rmhm-xv9m"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/emlog/emlog/security/advisories/GHSA-2jg8-rmhm-xv9m"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.6.2]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "emlog", "source": "cna", "vendor": "emlog"}, "product": "emlog", "vendor": "emlog"}], "analysis": {"en": {"generated_at": "2026-04-13T18:53:42.124305+00:00", "value": {"mitigation_remediation": ["Check for an official patch from Emlog and install it immediately if available.", "If a patch is not available, block or refuse ZIP file uploads from users with administrative privileges until remediation.", "Limit filesystem write permissions to only the directories required for CMS operation.", "Monitor the server for unexpected file creations or modifications, especially within web\u2011root directories.", "Implement a web\u2011application firewall rule that rejects or logs attempts to write files outside the intended upload area."], "summary": {"action": "Apply patch", "impact": "Remote Code Execution via arbitrary file write"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Emlog web\u2011site system, version 2.6.2 and earlier, within the common.php component that implements ZIP extraction for admin\u2011initiated uploads.", "description_and_impact": "A path traversal flaw exists in the emUnZip() routine of the Emlog website builder, specifically in versions 2.6.2 and earlier. When an authenticated site administrator uploads a ZIP archive\u2014through plugin, template, or backup import\u2014the function extracts files without sanitizing the entry names. Entries containing \"../\" sequences can be written to arbitrary locations in the server filesystem, allowing placement of PHP webshells and ultimately permitting remote code execution. The weakness corresponds to a classic directory traversal issue (CWE\u201122).", "risk_and_exploitability": "The CVSS score of 7.2 indicates moderate\u2011to\u2011high severity, and the EPSS score is reported below 1\u202f%, suggesting low publicly observable exploitation frequency. The vulnerability is not catalogued in the CISA KEV list. Attackers must first authenticate as an administrator, but once they have that privilege, the attack path\u2014uploading a crafted ZIP file\u2014is straightforward and requires no additional conditions. Given the nature of the flaw, exploitation would grant full control over the host filesystem from the perspective of the web application."}}}}, "created": "2026-04-06T21:22:07.901332+00:00", "updated": "2026-04-14T16:41:36.203381+00:00", "vendors": ["emlog", "emlog$PRODUCT$emlog"]}