CVE-2026-35672
7.5 HIGHphpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unaut...
Published: 2026-05-28 · Last updated: 2026-05-28
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- CWE
- CWE-1188
Description
phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via POST endpoints /api/v4.0/faq/create, /api/v4.0/category, and /api/v4.0/question.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-35672
- [Other]https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gp95-j463-vv28
- [Other]https://www.vulncheck.com/advisories/phpmyfaq-authentication-bypass-via-empty-api-token
- [Other]https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gp95-j463-vv28
Related CVEs
Same CWE
- CVE-2026-46517 — LMDeploy is a toolkit for compressing, deploying, and serving large language models (7.8 HIGH)
- CVE-2026-36616 — Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS... (5.9 MEDIUM)
- CVE-2026-36612 — Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 enables WPS 2.0 by default with a weak lockout policy (60-second lockout after 1... (6.4 MEDIUM)
- CVE-2026-44825 — Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache Solr versions 9.4.0 through 9.10.1 and 10.0... (8.1 HIGH)
- CVE-2026-9039 — A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication...