What is CVE-2026-46366?

CVE-2026-46366 is a high-severity vulnerability in Thorsten Phpmyfaq, classified under Incorrect Authorization. CVSS score: 7.5/10. Published 2026-05-15.

How severe is CVE-2026-46366?

High severity. CVSS v3 base score is 7.5 out of 10.

Auth bypass in Thorsten Phpmyfaq

CVE-2026-46366

phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via th…

Vulnerability class: Broken Access Control

EPSS: 0.001 (23.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Thorsten Phpmyfaq — versions 0, 4.1.2

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

disclosure@vulncheck.com (vendor-advisory)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2026-46366?: CVE-2026-46366 is a high-severity vulnerability in Thorsten Phpmyfaq, classified under Incorrect Authorization. CVSS score: 7.5/10. Published 2026-05-15.
How severe is CVE-2026-46366?: High severity. CVSS v3 base score is 7.5 out of 10.