Information Disclosure in phpMyFAQ Affects Unpublished FAQ Content
CVE-2026-57994
6.9MEDIUM
What is CVE-2026-57994?
The phpMyFAQ application prior to version 4.1.5 exposes a vulnerability in its public FAQ API endpoints. This flaw allows unauthenticated users to access inactive FAQ content, including titles and full answers, through specific API calls. While certain endpoints may restrict visibility to previews, full details are still retrievable, posing a significant risk of unauthorized access to sensitive content not intended for public view. Organizations using older versions of phpMyFAQ should update promptly to mitigate this risk.
Affected Version(s)
phpMyFAQ 4.1.0 < 4.1.5
phpMyFAQ 4.1.5
