Vulnerability in phpMyFAQ Affects Attachment Password Hashing
CVE-2026-48488

2.7LOW

Key Information:

Vendor: Thorsten
Status: pHPMyFAQ
Vendor: CVE Published:; 8 June 2026

What is CVE-2026-48488?

The phpMyFAQ application, a widely used open source FAQ management tool, is affected by a significant vulnerability that involves the hashing of attachment passwords using the SHA-1 algorithm. This hashing method is known to be insecure and vulnerable to collision attacks, as demonstrated since 2017. The issue was resolved in version 4.1.4, where a more secure hashing method was implemented, mitigating the risks associated with this cryptographic weakness.

Affected Version(s)

phpMyFAQ < 4.1.4

References

https://github.com/thorsten/phpMyFAQ/security/advisories/...

x_refsource_CONFIRM

https://github.com/thorsten/phpMyFAQ/commit/1aa9be6f8a2fa...

x_refsource_MISC

CVSS V4

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 8, 2026
Vulnerability Reserved
May 21, 2026

CVE-2026-48488 Data

JSON

Thorsten

What is CVE-2026-48488?

Affected Version(s)

References

CVSS V4

Timeline