Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-mdxy-3bhf-6ybe
Vulnerability ID VCID-mdxy-3bhf-6ybe
Aliases CVE-2026-35672
GHSA-gp95-j463-vv28
Summary phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via POST endpoints /api/v4.0/faq/create, /api/v4.0/category, and /api/v4.0/question.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-1188 Initialization of a Resource with an Insecure Default
System Score Found at
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2026-35672
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-gp95-j463-vv28
cvssv3.1 7.5 https://github.com/thorsten/phpMyFAQ
cvssv4 8.7 https://github.com/thorsten/phpMyFAQ
generic_textual HIGH https://github.com/thorsten/phpMyFAQ
cvssv3.1 7.5 https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gp95-j463-vv28
cvssv3.1_qr HIGH https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gp95-j463-vv28
cvssv4 8.7 https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gp95-j463-vv28
cvssv4 8.7 https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gp95-j463-vv28
generic_textual HIGH https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gp95-j463-vv28
ssvc Track https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gp95-j463-vv28
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2026-35672
cvssv4 8.7 https://nvd.nist.gov/vuln/detail/CVE-2026-35672
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2026-35672
cvssv3.1 7.5 https://www.vulncheck.com/advisories/phpmyfaq-authentication-bypass-via-empty-api-token
cvssv4 8.7 https://www.vulncheck.com/advisories/phpmyfaq-authentication-bypass-via-empty-api-token
cvssv4 8.7 https://www.vulncheck.com/advisories/phpmyfaq-authentication-bypass-via-empty-api-token
generic_textual HIGH https://www.vulncheck.com/advisories/phpmyfaq-authentication-bypass-via-empty-api-token
ssvc Track https://www.vulncheck.com/advisories/phpmyfaq-authentication-bypass-via-empty-api-token
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2026-35672
https://github.com/thorsten/phpMyFAQ
CVE-2026-35672 https://nvd.nist.gov/vuln/detail/CVE-2026-35672
GHSA-gp95-j463-vv28 https://github.com/advisories/GHSA-gp95-j463-vv28
GHSA-gp95-j463-vv28 https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gp95-j463-vv28
phpmyfaq-authentication-bypass-via-empty-api-token https://www.vulncheck.com/advisories/phpmyfaq-authentication-bypass-via-empty-api-token
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/thorsten/phpMyFAQ
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Found at https://github.com/thorsten/phpMyFAQ
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gp95-j463-vv28
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N Found at https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gp95-j463-vv28
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Found at https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gp95-j463-vv28
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T15:28:03Z/ Found at https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gp95-j463-vv28
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2026-35672
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Found at https://nvd.nist.gov/vuln/detail/CVE-2026-35672
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.vulncheck.com/advisories/phpmyfaq-authentication-bypass-via-empty-api-token
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Found at https://www.vulncheck.com/advisories/phpmyfaq-authentication-bypass-via-empty-api-token
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N Found at https://www.vulncheck.com/advisories/phpmyfaq-authentication-bypass-via-empty-api-token
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T15:28:03Z/ Found at https://www.vulncheck.com/advisories/phpmyfaq-authentication-bypass-via-empty-api-token
Exploit Prediction Scoring System (EPSS)
Percentile 0.26987
EPSS Score 0.00098
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T16:45:04.635294+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2026/35xxx/CVE-2026-35672.json 38.6.0