CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-31954

Emlog is an open source website building system. In 2.6.6 and earlier, the delete_async action (asynchronous delete) lacks a call to LoginAuth::checkToken(), enabling CSRF attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 2.5%

CVSS Severity

References

https://github.com/emlog/emlog/security/advisories/GHSA-xc26-93qj-rcrw

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-31954

Products

Pricing

Contact Us