Emlog has Broken Access Control (BAC)_CVE-2026-21429

2 / 10

LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available.

Basic Information

ID CVE-2026-21429

Source GitHub_M

Published Jan 2, 2026 at 17:23

Affected Product

Vendor emlog

Product emlog

Version = 2.5.23

Affected Versions emlog emlog = 2.5.23

CWE Classification

CWE-862

References

github.com /emlog/emlog/security/advisories/GHSA-jw5v-2g53-rx8w

{
    "lastseen": "",
    "description": "Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available.",
    "published": "2026-01-02T17:23:17.252Z",
    "modified": "2026-01-02T17:23:17.252Z",
    "type": "cve",
    "title": "Emlog has Broken Access Control (BAC)",
    "source": "GitHub_M",
    "references": "https://github.com/emlog/emlog/security/advisories/GHSA-jw5v-2g53-rx8w",
    "id": "CVE-2026-21429",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "emlog emlog = 2.5.23",
    "sourceHref": "",
    "cvss": {
        "score": 2,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "emlog",
    "version": "= 2.5.23",
    "vendor": "emlog",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}