CVE-2026-21429

Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/emlog/emlog/security/advisories/GHSA-jw5v-2g53-rx8w	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:emlog:emlog:2.5.23:*:*:*:pro:*:*:*

History

29 Apr 2026, 01:00

Type	Values Removed	Values Added
Summary		(es) Emlog es un sistema de creación de sitios web de código abierto. En la versión 2.5.23, el administrador puede establecer controles que impiden a los usuarios editar o eliminar sus artículos después de publicarlos. En el momento de la publicación, no se conocen versiones parcheadas disponibles.

16 Jan 2026, 17:11

Type	Values Removed	Values Added
First Time		Emlog emlog Emlog
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3
CPE		cpe:2.3:a:emlog:emlog:2.5.23::::pro:::
References	~~() https://github.com/emlog/emlog/security/advisories/GHSA-jw5v-2g53-rx8w -~~	() https://github.com/emlog/emlog/security/advisories/GHSA-jw5v-2g53-rx8w - Exploit, Vendor Advisory

02 Jan 2026, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-02 18:15

Updated : 2026-04-29 01:00

NVD link : CVE-2026-21429

Mitre link : CVE-2026-21429

CVE.ORG link : CVE-2026-21429

JSON object : View

Products Affected

emlog

emlog

CWE

CWE-862

Missing Authorization

{"id": "CVE-2026-21429", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.0, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-02T18:15:55.110", "references": [{"url": "https://github.com/emlog/emlog/security/advisories/GHSA-jw5v-2g53-rx8w", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available."}, {"lang": "es", "value": "Emlog es un sistema de creaci\u00f3n de sitios web de c\u00f3digo abierto. En la versi\u00f3n 2.5.23, el administrador puede establecer controles que impiden a los usuarios editar o eliminar sus art\u00edculos despu\u00e9s de publicarlos. En el momento de la publicaci\u00f3n, no se conocen versiones parcheadas disponibles."}], "lastModified": "2026-04-29T01:00:01.613", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emlog:emlog:2.5.23:*:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "CBBD3D75-C2B3-4727-9B9E-6408956E4ADB"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}