Privilege Escalation Vulnerability in phpBB Administration Control Panel
CVE-2026-47366

7.2HIGH

Key Information:

Vendor

PHPbb

Status
Vendor
CVE Published:
12 June 2026

What is CVE-2026-47366?

A flaw in the phpBB Administration Control Panel (ACP) allows authenticated administrators to override their authorized access permissions. This improper verification of access can enable an administrator to grant themselves or other users elevated permissions beyond their intended rights, leading to potential exploitation within the administrative interface. It's crucial for phpBB users to ensure they are using secure configurations and to update to the latest versions to mitigate such risks.

Affected Version(s)

phpBB 3.3.0 <= 3.3.16

References

CVSS V3.0

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.