Description

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http[:]//emblog/admin/media[.]php which contains external resource references. When the server processes/renders the SVG (thumbnailing, preview, or sanitization), it issues an HTTP request to the attacker-controlled host. Impact: server-side SSRF/OOB leading to internal network probing and potential metadata/credential exposure. As of time of publication, no known patched versions are available.

INFO

Published Date :

2026-01-02T19:00:22.611Z

Last Modified :

2026-01-05T20:37:52.330Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-21433 vulnerability.

Vendors Products
Emlog
  • Emlog
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-21433.

URL Resource
https://github.com/emlog/emlog/security/advisories/GHSA-6rwr-c8hc-mjj4 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact