{"vulnerability": "cve-2026-24421", "sightings": [{"uuid": "a9ce3610-d8e9-489a-8545-a7ed27c38329", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24421", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3md5b5cty2v23", "content": "", "creation_timestamp": "2026-01-24T03:21:55.148783Z"}, {"uuid": "7eb6603a-63bd-40ad-9f52-5ab7179a74b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24421", "type": "seen", "source": "https://gist.github.com/alon710/280a53f6f2d65fc97e55b7753d13e7b1", "content": "", "creation_timestamp": "2026-01-24T21:22:20.000000Z"}, {"uuid": "ff2b9bf9-af6b-45e1-ad79-ccd87cbee448", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24421", "type": "seen", "source": "https://bsky.app/profile/exploitdb-bot.bsky.social/post/3mkmvgdbvrs27", "content": "\ud83d\udea8 New Exploit: phpMyFAQ  4.0.16 - Improper Authorization\n\ud83d\udccb CVE: CVE-2026-24421\n\ud83d\udc64 Author: contact\n\n\ud83d\udd17 https://www.exploit-db.com/exploits/52523\n\n#ExploitDB #InfoSec #CyberSecurity #CVE-2026-24421", "creation_timestamp": "2026-04-29T10:31:09.819568Z"}, {"uuid": "3b31b25d-cd1a-4f60-b8fa-35667408f453", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-24421", "type": "published-proof-of-concept", "source": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-wm8h-26fv-mg7g", "content": "", "creation_timestamp": "2026-01-23T19:02:39.000000Z"}, {"uuid": "66d0490e-c218-4bd5-9d70-13a94e24b21b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24421", "type": "seen", "source": "https://bsky.app/profile/euvd-bot.bsky.social/post/3molwlpwmh22a", "content": "\ud83d\udea8 EUVD-2026-37954\n\ud83d\udcca 6.5/10\n\ud83c\udfe2 thorsten\n\n\ud83d\udcdd phpMyFAQ is an open source FAQ web application. Versions prior to  4.1.4 have Missing Authorization in the API CategoryController. CVE-2026-24421 address...\n\n\ud83d\udd17 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-37954\n\n#cybersecurity #infosec #cve #euvd", "creation_timestamp": "2026-06-18T23:00:11.464972Z"}, {"uuid": "c2b99967-ed8d-467b-918e-714f7138aeb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24421", "type": "seen", "source": "https://gist.github.com/alon710/b22b0dd984dd927be769bc999880e7f3", "content": "# CVE-2026-49205: CVE-2026-49205: Missing Authorization in phpMyFAQ Public REST API Write Endpoints\n\n> **CVSS Score:** 6.5\n> **Published:** 2026-06-23\n> **Full Report:** https://cvereports.com/reports/CVE-2026-49205\n\n## Summary\nAn incomplete security patch for CVE-2026-24421 in phpMyFAQ allows authenticated low-privileged users to bypass role-based access controls. While the initial patch addressed missing authorization in the BackupController, it left four critical write-enabled endpoints vulnerable. This allows remote attackers with a valid low-privilege API token to perform unauthorized data modifications, creating categories, creating FAQs, updating FAQs, and injecting questions directly into the database.\n\n## TL;DR\nAn incomplete fix for CVE-2026-24421 in phpMyFAQ leaves four REST API endpoints vulnerable to missing authorization, enabling low-privileged authenticated users to modify categories, FAQs, and system questions without the required role permissions.\n\n## Technical Details\n\n- **CWE ID**: CWE-862: Missing Authorization\n- **Attack Vector**: Network\n- **CVSS v3.1 Score**: 6.5 (Medium)\n- **Exploit Maturity**: None / Unproven\n- **EPSS Score**: 0.0024\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- phpMyFAQ open-source FAQ web application\n- **phpMyFAQ**: < 4.1.4 (Fixed in: `4.1.4`)\n\n## Mitigation\n\n- Upgrade phpMyFAQ to version 4.1.4 or higher.\n- Implement a manual code-level patch to enforce role validation on all public REST API write endpoints.\n- Deploy WAF rules to restrict POST and PUT requests to public API controllers based on user roles.\n\n**Remediation Steps:**\n1. Download phpMyFAQ version 4.1.4 from the official repository.\n2. Apply database and application updates following the standard phpMyFAQ upgrade documentation.\n3. Validate API security policies by attempting a write request using a low-privileged API token.\n\n## References\n\n- [GitHub Security Advisory GHSA-8c6h-7g6x-m5x4](https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-8c6h-7g6x-m5x4)\n- [CVE-2026-49205 Record](https://www.cve.org/CVERecord?id=CVE-2026-49205)\n- [CWE-862 Reference](https://cwe.mitre.org/data/definitions/862.html)\n- [MITRE ATT&CK T1068 Reference](https://attack.mitre.org/techniques/T1068/)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-49205) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-23T22:42:14.000000Z"}]}