CVE-2026-6847
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Summary
Remote Code Execution vulnerability exists in ThemisNETPanel due to missing authentication for a critical file upload function. The application exposes an endpoint that allows unauthenticated attackers to upload arbitrary PHP files by providing a base64-encoded payload and to execute arbitrary code on the underlying server. This issue has been fixed by a patch released in April 2026.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| 4real | ThemisNETPanel | 0 < 04.2026 | affected |
Weaknesses
- CWE-306: CWE-306 Missing Authentication for Critical Function
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.