Which versions of PHP are affected by CVE-2026-4562?

MacCMS installations running version 2025.1000.4052 are vulnerable to unauthenticated API access that could allow attackers to read, modify, or disrupt sensitive data without credentials.

Is there a public PoC exploit available for CVE-2026-4562?

Yes, a public proof-of-concept exploit is available for CVE-2026-4562. Prioritise patching immediately. EPSS: 0.1%.

PHP CVE-2026-4562

Q: What is the CVSS score of CVE-2026-4562?

CVE-2026-4562 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-14337 MEDIUM

Missing Authentication for Critical Function (CWE-306)

2026-03-22 VulDB

GHSA-jqqr-rw2r-w5cx

PHP Authentication Bypass

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

Severity Changed

Apr 24, 2026 - 16:37 NVD

HIGH MEDIUM

CVSS changed

Apr 24, 2026 - 16:37 NVD

7.3 (HIGH) 6.9 (MEDIUM)

PoC Detected

Mar 23, 2026 - 14:31 vuln.today

Public exploit code

EUVD ID Assigned

Mar 22, 2026 - 23:30 euvd

EUVD-2026-14337

Analysis Generated

Mar 22, 2026 - 23:30 vuln.today

CVE Published

Mar 22, 2026 - 23:09 nvd

HIGH 7.3

DescriptionNVD

A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation results in missing authentication. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

AnalysisAI

MacCMS version 2025.1000.4052 contains a missing authentication vulnerability in the Timming API endpoint (application/api/controller/Timming.php). An unauthenticated remote attacker can access protected functionality, potentially leading to unauthorized data access, modification, or service disruption. …

RemediationAI

Within 24 hours: Identify all systems running MacCMS 2025.1000.4052 and assess their exposure; implement network-level access controls to restrict Timming API endpoint access. Within 7 days: Deploy WAF rules to block malicious requests to /application/api/controller/Timming.php; consider disabling the Timming API if not operationally required. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-4562 vulnerability details – vuln.today

Back

PHP CVE-2026-4562

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

PHP CVE-2026-4562

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code