phpMyFAQ CVE-2026-35671

EUVD-2026-32902 HIGH
Incorrect Privilege Assignment (CWE-266)
2026-05-28 VulnCheck GHSA-xvp4-phqj-cjr3
8.7
CVSS 4.0

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

Patch available
May 28, 2026 - 17:01 EUVD
Analysis Updated
May 28, 2026 - 16:36 vuln.today
v3 (cvss_changed)
Analysis Updated
May 28, 2026 - 16:35 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 28, 2026 - 16:22 vuln.today
cvss_changed
CVSS changed
May 28, 2026 - 16:22 NVD
8.8 (HIGH) to 8.7 (HIGH)
Source Code Evidence Fetched
May 28, 2026 - 15:54 vuln.today
Analysis Generated
May 28, 2026 - 15:54 vuln.today

Description (NVD)

phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with low-privilege admin credentials can escalate to SuperAdmin by modifying the userId parameter in the overwrite-password API request.

Analysis (AI)

Privilege escalation in phpMyFAQ before 4.1.3 allows any authenticated low-privilege administrator to take over SuperAdmin (userId=1) or any other account by manipulating the userId parameter in the /admin/api/user/overwrite-password PUT request. The flaw is an insecure direct object reference (IDOR) in the Admin API where authorization checks confirm only that the caller holds the generic USER_EDIT permission, never that the caller is authorized to manage the targeted account. …
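
The authorization gap described above, as an added illustration in PHP that is not phpMyFAQ's code: a permission-only check (the IDOR pattern) beside one that also verifies the caller may manage the specific target account. The user table, hasPermission() and the superadmin flag are constructed assumptions, and the real 4.1.3 fix may differ; with these inputs the permission-only check lets the low-privilege editor through against userId 1, the object-level check does not.

```php
<?php
declare(strict_types=1);
// Added illustration, not phpMyFAQ code. Constructed sample user table:
// id => [name, granted permissions, superadmin flag]
$users = [
    1 => ['name' => 'superadmin', 'perms' => ['USER_EDIT', 'USER_ADD'], 'super' => true],
    7 => ['name' => 'editor',     'perms' => ['USER_EDIT'],             'super' => false],
    9 => ['name' => 'reader',     'perms' => [],                        'super' => false],
];

// Assumed helper: does the caller hold a generic permission string?
function hasPermission(array $users, int $callerId, string $perm): bool
{
    return in_array($perm, $users[$callerId]['perms'] ?? [], true);
}

// Vulnerable pattern: the endpoint only asks "does the caller have USER_EDIT?"
// and never looks at who $targetId is, so any editor may overwrite any password.
function canOverwritePasswordVulnerable(array $users, int $callerId, int $targetId): bool
{
    return hasPermission($users, $callerId, 'USER_EDIT');
}

// Hardened pattern: the generic permission is necessary but not sufficient.
// The target must exist, and a non-superadmin caller may not manage a
// superadmin account, which closes the escalation path to userId 1.
function canOverwritePasswordHardened(array $users, int $callerId, int $targetId): bool
{
    if (!hasPermission($users, $callerId, 'USER_EDIT')) {
        return false;
    }
    if (!isset($users[$targetId])) {
        return false;                     // unknown target: fail closed
    }
    $callerIsSuper = $users[$callerId]['super'] ?? false;
    if ($users[$targetId]['super'] && !$callerIsSuper) {
        return false;                     // object-level check the vulnerable path lacks
    }
    return true;
}

// Scenario from the advisory: editor (id 7) targets the superadmin (id 1).
var_dump(canOverwritePasswordVulnerable($users, 7, 1));
var_dump(canOverwritePasswordHardened($users, 7, 1));
// Legitimate case: the superadmin resets the editor's password.
var_dump(canOverwritePasswordHardened($users, 1, 7));
```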

Remediation (AI)

Within 24 hours: Inventory all phpMyFAQ installations and identify those running versions before 4.1.3; implement temporary restrictions on low-privilege administrator accounts if feasible. Within 7 days: Upgrade all affected phpMyFAQ instances to version 4.1.3 or later. …
