Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
| Link | Providers |
|---|---|
| https://cert.pl/posts/2026/07/CVE-2026-6847/ |
|
Mon, 13 Jul 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
4real
4real themisnetpanel |
|
| Vendors & Products |
4real
4real themisnetpanel |
Mon, 13 Jul 2026 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Remote Code Execution vulnerability exists in ThemisNETPanel due to missing authentication for a critical file upload function. The application exposes an endpoint that allows unauthenticated attackers to upload arbitrary PHP files by providing a base64-encoded payload and to execute arbitrary code on the underlying server. This issue has been fixed by a patch released in April 2026. | |
| Title | Unauthenticated Remote Code Execution in ThemisNETPanel | |
| Weaknesses | CWE-306 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: CERT-PL
Published:
Updated: 2026-07-13T13:26:20.946Z
Reserved: 2026-04-22T08:08:03.689Z
Link: CVE-2026-6847
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-13T14:37:48Z