CVE-2026-31954
March 11, 2026
Emlog is an open source website building system. In 2.6.6 and earlier, the delete_async action (asynchronous delete) lacks a call to LoginAuth::checkToken(), enabling CSRF attacks.
Affected Packages
https://github.com/emlog/emlog.git (GITHUB):
Affected version(s) >=pro-1.0.0 <pro-2.6.7Fix Suggestion:
Update to version pro-2.6.7Related ResourcesĀ (1)
Do you need more information?
Contact UsWeakness Type (CWE)
Cross-Site Request Forgery (CSRF)
EPSS
Base Score:
0.02
