Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-emzq-e5ru-w3cx
Vulnerability ID VCID-emzq-e5ru-w3cx
Aliases CVE-2026-27836
GHSA-w22q-m2fm-x9f4
Summary phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint (`/api/webauthn/prepare`) creates new active user accounts without any authentication, CSRF protection, captcha, or configuration checks. This allows unauthenticated attackers to create unlimited user accounts even when registration is disabled. Version 4.0.18 fixes the issue.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-862 Missing Authorization
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2026-27836
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2026-27836
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-w22q-m2fm-x9f4
cvssv3.1 7.5 https://github.com/thorsten/phpMyFAQ
generic_textual HIGH https://github.com/thorsten/phpMyFAQ
cvssv3.1 7.5 https://github.com/thorsten/phpMyFAQ/commit/f2ab673f0668753cd0f7c7c8bc7fd2304dcf5cb1
generic_textual HIGH https://github.com/thorsten/phpMyFAQ/commit/f2ab673f0668753cd0f7c7c8bc7fd2304dcf5cb1
ssvc Track https://github.com/thorsten/phpMyFAQ/commit/f2ab673f0668753cd0f7c7c8bc7fd2304dcf5cb1
cvssv3.1 7.5 https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-w22q-m2fm-x9f4
cvssv3.1_qr HIGH https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-w22q-m2fm-x9f4
generic_textual HIGH https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-w22q-m2fm-x9f4
ssvc Track https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-w22q-m2fm-x9f4
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2026-27836
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2026-27836
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2026-27836
https://github.com/thorsten/phpMyFAQ
CVE-2026-27836 https://nvd.nist.gov/vuln/detail/CVE-2026-27836
f2ab673f0668753cd0f7c7c8bc7fd2304dcf5cb1 https://github.com/thorsten/phpMyFAQ/commit/f2ab673f0668753cd0f7c7c8bc7fd2304dcf5cb1
GHSA-w22q-m2fm-x9f4 https://github.com/advisories/GHSA-w22q-m2fm-x9f4
GHSA-w22q-m2fm-x9f4 https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-w22q-m2fm-x9f4
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/thorsten/phpMyFAQ
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/thorsten/phpMyFAQ/commit/f2ab673f0668753cd0f7c7c8bc7fd2304dcf5cb1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:24:53Z/ Found at https://github.com/thorsten/phpMyFAQ/commit/f2ab673f0668753cd0f7c7c8bc7fd2304dcf5cb1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-w22q-m2fm-x9f4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:24:53Z/ Found at https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-w22q-m2fm-x9f4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2026-27836
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.19515
EPSS Score 0.00062
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T16:50:53.554562+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2026/27xxx/CVE-2026-27836.json 38.6.0