Which versions of phpMyFAQ are affected by CVE-2026-46366?

An improperly protected endpoint allows unauthenticated disclosure of internal system identifiers, categories, and metadata, creating reconnaissance opportunities for threat actors.. A patch is available.

How to fix or mitigate CVE-2026-46366?

Within 24 hours: identify all systems running the affected product version and document exposure scope. Within 7 days: deploy the vendor-released patch to all instances. Within 30 days: audit access logs for anomalous queries to the vulnerable endpoint and confirm patching across all environments.

phpMyFAQ CVE-2026-46366

Q: What is the CVSS score of CVE-2026-46366?

CVE-2026-46366 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-30602 HIGH

Incorrect Authorization (CWE-863)

2026-05-15 VulnCheck

GHSA-cqrw-j4qc-7f9w

Authentication Bypass Information Disclosure Canonical

8.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

May 28, 2026 - 16:39 vuln.today

v3 (cvss_changed)

Analysis Updated

May 28, 2026 - 16:37 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 28, 2026 - 16:22 vuln.today

cvss_changed

CVSS changed

May 28, 2026 - 16:22 NVD

7.5 (HIGH) 8.7 (HIGH)

Patch available

May 15, 2026 - 20:02 EUVD

Source Code Evidence Fetched

May 15, 2026 - 19:32 vuln.today

Analysis Generated

May 15, 2026 - 19:32 vuln.today

DescriptionNVD

phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solution_id_{id}.html endpoint. Attackers can sequentially iterate solution IDs to discover all FAQs including those restricted to specific users or groups, leaking sensitive metadata through redirect Location headers and page canonical links.

AnalysisAI

{id}.html endpoint, leaking titles, internal IDs, languages, and category bindings via 301 redirect Location headers. The flaw stems from a missing permission filter in the getIdFromSolutionId() method, and a publicly available exploit code path is documented in the GitHub Security Advisory (GHSA-99qv-g4x9-mgc3) with SSVC marking exploitation as PoC and automatable. …

RemediationAI

Within 24 hours: identify all systems running the affected product version and document exposure scope. Within 7 days: deploy the vendor-released patch to all instances. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory