Unauthenticated Access Vulnerability in phpVMS Application by phpVMS
CVE-2026-42569

9.4CRITICAL

Key Information:

Vendor

PHPvms

Status
PHPvms
Vendor
CVE Published:
9 May 2026

What is CVE-2026-42569?

phpVMS, a PHP application designed for simulating airline operations, was found to have a vulnerability that permitted unauthorized users to exploit a vintage import feature. This flaw, discovered prior to version 7.0.6, was subsequently rectified to bolster security measures. Users are advised to upgrade to version 7.0.6 or later to safeguard their systems and data from potential threats.

Affected Version(s)

phpvms < 7.0.6

References

https://github.com/phpvms/phpvms/security/advisories/GHSA...
x_refsource_CONFIRM
https://github.com/phpvms/phpvms/commit/f59ba8e0e8fc25c60...
x_refsource_MISC
https://github.com/phpvms/phpvms/releases/tag/7.0.6
x_refsource_MISC

CVSS V3.1

Score:
9.4
Severity:
CRITICAL
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.