VYPR
Medium severity (4.3) · NVD Advisory · Published May 15, 2026 · Updated May 28, 2026

CVE-2026-45009

Description

phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in its admin-api routes: the routes check only login status instead of verifying backend privileges, which allows authenticated ordinary users to access administrative endpoints. Attackers with valid frontend user accounts can access sensitive backend operational information, including dashboard versions, LDAP configuration, Elasticsearch statistics, and health-check data.
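
The gap between the login-only check described above and a backend privilege check, shown as an added PHP example that is not phpMyFAQ's own code. The class, function and permission names (`SessionUser`, `loginOnlyGate`, `privilegeGate`, `admin.backend`) are hypothetical and the accounts are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical model of a session user; not phpMyFAQ's real classes.
final class SessionUser
{
    /** @param string[] $permissions */
    public function __construct(
        public readonly bool $loggedIn,
        public readonly array $permissions = [],
    ) {}

    public function hasPermission(string $permission): bool
    {
        return $this->loggedIn && in_array($permission, $this->permissions, true);
    }
}

// Weak gate: any authenticated account passes, including frontend-only users.
function loginOnlyGate(SessionUser $user): int
{
    return $user->loggedIn ? 200 : 401;
}

// Hardened gate: authentication first, then an explicit backend privilege.
function privilegeGate(SessionUser $user, string $required): int
{
    if (!$user->loggedIn) {
        return 401; // not authenticated
    }
    return $user->hasPermission($required) ? 200 : 403; // 403: logged in, not authorized
}

// Constructed sample accounts and a hypothetical permission name.
$accounts = [
    'anonymous'     => new SessionUser(false),
    'frontend user' => new SessionUser(true),
    'administrator' => new SessionUser(true, ['admin.backend']),
];

foreach ($accounts as $label => $user) {
    printf(
        "%-14s login-only: %d  privilege check: %d\n",
        $label,
        loginOnlyGate($user),
        privilegeGate($user, 'admin.backend')
    );
}
```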

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| thorsten/phpmyfaq (Packagist) | >= 4.1.1, < 4.1.2 | 4.1.2 |
| phpmyfaq/phpmyfaq (Packagist) | >= 4.1.1, < 4.1.2 | 4.1.2 |
