Information Disclosure in phpMyFAQ Affects Unpublished FAQ Content
CVE-2026-57994

6.9MEDIUM

Key Information:

Vendor

pHPMyFAQ

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-57994?

The phpMyFAQ application prior to version 4.1.5 exposes a vulnerability in its public FAQ API endpoints. This flaw allows unauthenticated users to access inactive FAQ content, including titles and full answers, through specific API calls. While certain endpoints may restrict visibility to previews, full details are still retrievable, posing a significant risk of unauthorized access to sensitive content not intended for public view. Organizations using older versions of phpMyFAQ should update promptly to mitigate this risk.

Affected Version(s)

phpMyFAQ 4.1.0 < 4.1.5

phpMyFAQ 4.1.5

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

YHalo-wyh
.