Vulnerability in Thorsten Phpmyfaq
CVE-2026-35675
phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can e…
EPSS: 0.001 (31.9th percentile).
CVSS v3 metric
CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N.
Affected products
- Thorsten Phpmyfaq: versions before 4.1.3
Weakness classification (CWE)
- Improper Restriction of Excessive Authentication Attempts
References
- disclosure@vulncheck.com (third-party-advisory)
Frequently asked questions
- What is CVE-2026-35675?
  CVE-2026-35675 is a high-severity vulnerability in Thorsten Phpmyfaq, classified under Improper Restriction of Excessive Authentication Attempts. CVSS score: 8.2/10. Published 2026-05-28.
- How severe is CVE-2026-35675?
  High severity. CVSS v3 base score is 8.2 out of 10.