Description
Remote Code Execution vulnerability exists in ThemisNETPanel due to missing authentication for a critical file upload function. The application exposes an endpoint that allows unauthenticated attackers to upload arbitrary PHP files by providing a base64-encoded payload and to execute arbitrary code on the underlying server. This issue has been fixed by a patch released in April 2026.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
| Link | Providers |
|---|---|
| https://cert.pl/posts/2026/07/CVE-2026-6847/ |
|
History
Mon, 13 Jul 2026 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Remote Code Execution vulnerability exists in ThemisNETPanel due to missing authentication for a critical file upload function. The application exposes an endpoint that allows unauthenticated attackers to upload arbitrary PHP files by providing a base64-encoded payload and to execute arbitrary code on the underlying server. This issue has been fixed by a patch released in April 2026. | |
| Title | Unauthenticated Remote Code Execution in ThemisNETPanel | |
| Weaknesses | CWE-306 | |
| References |
| |
| Metrics |
cvssV4_0
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: CERT-PL
Published:
Updated: 2026-07-13T13:26:20.946Z
Reserved: 2026-04-22T08:08:03.689Z
Link: CVE-2026-6847
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses