{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-35675/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2026-35675"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["phpMyFAQ \u003c 4.1.3"],"_cs_severities":["high"],"_cs_tags":["authentication bypass","cve-2026-35675","phpMyFAQ"],"_cs_type":"advisory","_cs_vendors":["phpMyFAQ"],"content_html":"\u003cp\u003ephpMyFAQ before 4.1.3 is susceptible to an authentication bypass vulnerability (CVE-2026-35675) within its password reset functionality. This flaw allows unauthenticated attackers to reset the passwords of arbitrary user accounts without requiring any token verification or email confirmation. Successful exploitation grants attackers complete control over compromised accounts, including those with administrative privileges. The vulnerability stems from a lack of proper authorization checks in the password reset endpoint. This can lead to attackers enumerating valid usernames, resetting their passwords, and obtaining plaintext passwords through the password reset email functionality.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable phpMyFAQ instance running a version prior to 4.1.3.\u003c/li\u003e\n\u003cli\u003eThe attacker accesses the password reset endpoint without authentication.\u003c/li\u003e\n\u003cli\u003eThe attacker enumerates valid usernames, potentially by leveraging public information or other vulnerabilities.\u003c/li\u003e\n\u003cli\u003eThe attacker submits a password reset request for a targeted user account.\u003c/li\u003e\n\u003cli\u003eDue to the missing token verification, the password reset is processed without proper authorization.\u003c/li\u003e\n\u003cli\u003eThe system sends a password reset email containing the new plaintext password to the targeted user\u0026rsquo;s email address.\u003c/li\u003e\n\u003cli\u003eThe attacker intercepts or gains access to the password reset email.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the plaintext password to log into the compromised account and perform unauthorized actions, including gaining administrative access.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows unauthenticated attackers to reset any user account password, leading to complete account takeover. This can result in unauthorized access to sensitive information, data breaches, and potential disruption of services. If an attacker gains access to an administrative account, they can modify the application, inject malicious code, or further compromise the server.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade phpMyFAQ to version 4.1.3 or later to patch CVE-2026-35675.\u003c/li\u003e\n\u003cli\u003eImplement multi-factor authentication (MFA) to mitigate the impact of password compromise.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect PhpMyFAQ Password Reset Request Without Authentication\u003c/code\u003e to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity related to the password reset endpoint as per the \u003ccode\u003elogsource\u003c/code\u003e defined in the Sigma rules.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-28T16:18:27Z","date_published":"2026-05-28T16:18:27Z","id":"https://feed.craftedsignal.io/briefs/2026-05-phpmyfaq-auth-bypass/","summary":"phpMyFAQ before version 4.1.3 is vulnerable to an authentication bypass in the password reset endpoint, allowing unauthenticated attackers to reset any user account password without token verification or email confirmation, potentially leading to complete account takeover, including administrative access.","title":"phpMyFAQ Authentication Bypass Vulnerability (CVE-2026-35675)","url":"https://feed.craftedsignal.io/briefs/2026-05-phpmyfaq-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-35675","version":"https://jsonfeed.org/version/1.1"}