CVE-2026-47366

7.2HIGH

Key Information:

Vendor: PHPbb
Status: PHPbb
Vendor: CVE Published:; 12 June 2026

What is CVE-2026-47366?

Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface.

Affected Version(s)

phpBB 3.3.0 <= 3.3.16

References

https://www.phpbb.com/community/viewtopic.php?t=2672170

CVSS V3.0

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2026
Vulnerability Reserved
May 19, 2026

CVE-2026-47366 Data

JSON

PHPbb

What is CVE-2026-47366?

Affected Version(s)

References

CVSS V3.0

Timeline