SVG Sanitizer Bypass in phpMyFAQ Leads to Privilege Escalation
CVE-2026-34974

5.4 MEDIUM

Key Information:

Vendor

Thorsten

Status
Vendor
CVE Published:
2 April 2026

What is CVE-2026-34974?

The SVG sanitizer in phpMyFAQ, an open-source FAQ application, can be bypassed because it does not correctly handle HTML entity encoding inside javascript: URLs. Any user with the edit_faq permission can therefore upload a malicious SVG file that executes arbitrary JavaScript when the file is viewed. Because the script runs in the context of whoever views the file, the flaw can lead to privilege escalation, allowing an editor to gain full administrative control over the application. The issue was fixed in version 4.1.1, which filters SVG content more robustly.
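To make the failure mode concrete, here is an added illustration (not phpMyFAQ's own sanitizer) of why a scheme check on the raw, still-encoded file text misses an entity-encoded javascript: URL, beside a hardened check that resolves character references and normalizes the value before reading the scheme. The blocked-scheme list, attribute regex and the two sample SVG documents are constructed for this example.

```python
import html
import re
import xml.etree.ElementTree as ET

# Assumption (not phpMyFAQ's code): schemes an SVG sanitizer must refuse in link attributes.
BLOCKED_SCHEMES = frozenset({"javascript", "vbscript"})
HREF_ATTRS = ("href", "{http://www.w3.org/1999/xlink}href")
# Constructed regex for the "inspect raw text" style of sanitizer.
RAW_HREF = re.compile(r'(?:xlink:)?href\s*=\s*"([^"]*)"', re.IGNORECASE)


def scheme_of(value: str) -> str:
    """Canonicalize a URL the way a browser will before it reads the scheme:
    resolve HTML/XML character references (&#106; or &#x6A; -> j), drop the
    control characters and whitespace browsers ignore, then lowercase."""
    decoded = html.unescape(value)
    stripped = re.sub(r"[\x00-\x20\x7f]", "", decoded)
    scheme, sep, _ = stripped.lower().partition(":")
    return scheme if sep else ""


def naive_has_script_url(svg_text: str) -> bool:
    """The brittle pattern: substring match on the raw, still-encoded text.
    'javascript:' never appears literally once one letter is entity-encoded."""
    return any("javascript:" in m.lower() for m in RAW_HREF.findall(svg_text))


def hardened_has_script_url(svg_text: str) -> bool:
    """Parse the document so character references are resolved by the XML
    parser, then check the normalized scheme of every href / xlink:href."""
    root = ET.fromstring(svg_text)
    for el in root.iter():
        for attr in HREF_ATTRS:
            val = el.get(attr)
            if val is not None and scheme_of(val) in BLOCKED_SCHEMES:
                return True
    return False


# Constructed samples (not from the advisory): a harmless link and an
# entity-encoded one whose script body is an inert void(0).
CLEAN_SVG = ('<svg xmlns="http://www.w3.org/2000/svg">'
             '<a href="https://example.org/faq"><text>FAQ</text></a></svg>')
ENCODED_SVG = ('<svg xmlns="http://www.w3.org/2000/svg">'
               '<a href="&#106;avascript:void(0)"><text>FAQ</text></a></svg>')
```

The raw-text check returns False for ENCODED_SVG while the hardened check returns True; the same normalization also catches hex references and embedded tabs or newlines in the scheme.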

Affected Version(s)

phpMyFAQ < 4.1.1

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability reserved
