Cve-2026-35675 — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/tags/cve-2026-35675/Trending threats, MITRE ATT&CK coverage, and detection metadata. Fed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioThu, 28 May 2026 16:18:27 +0000phpMyFAQ Authentication Bypass Vulnerability (CVE-2026-35675)https://feed.craftedsignal.io/briefs/2026-05-phpmyfaq-auth-bypass/Thu, 28 May 2026 16:18:27 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-phpmyfaq-auth-bypass/phpMyFAQ before version 4.1.3 is vulnerable to an authentication bypass in the password reset endpoint, allowing unauthenticated attackers to reset any user account password without token verification or email confirmation, potentially leading to complete account takeover, including administrative access.phpMyFAQ before 4.1.3 is susceptible to an authentication bypass vulnerability (CVE-2026-35675) within its password reset functionality. This flaw allows unauthenticated attackers to reset the passwords of arbitrary user accounts without requiring any token verification or email confirmation. Successful exploitation grants attackers complete control over compromised accounts, including those with administrative privileges. The vulnerability stems from a lack of proper authorization checks in the password reset endpoint. This can lead to attackers enumerating valid usernames, resetting their passwords, and obtaining plaintext passwords through the password reset email functionality.

Attack Chain

  1. The attacker identifies a vulnerable phpMyFAQ instance running a version prior to 4.1.3.
  2. The attacker accesses the password reset endpoint without authentication.
  3. The attacker enumerates valid usernames, potentially by leveraging public information or other vulnerabilities.
  4. The attacker submits a password reset request for a targeted user account.
  5. Due to the missing token verification, the password reset is processed without proper authorization.
  6. The system sends a password reset email containing the new plaintext password to the targeted user’s email address.
  7. The attacker intercepts or gains access to the password reset email.
  8. The attacker uses the plaintext password to log into the compromised account and perform unauthorized actions, including gaining administrative access.

Impact

Successful exploitation of this vulnerability allows unauthenticated attackers to reset any user account password, leading to complete account takeover. This can result in unauthorized access to sensitive information, data breaches, and potential disruption of services. If an attacker gains access to an administrative account, they can modify the application, inject malicious code, or further compromise the server.

Recommendation

  • Upgrade phpMyFAQ to version 4.1.3 or later to patch CVE-2026-35675.
  • Implement multi-factor authentication (MFA) to mitigate the impact of password compromise.
  • Deploy the Sigma rule Detect PhpMyFAQ Password Reset Request Without Authentication to identify potential exploitation attempts.
  • Monitor web server logs for suspicious activity related to the password reset endpoint as per the logsource defined in the Sigma rules.
]]>highadvisoryauthentication bypasscve-2026-35675phpMyFAQ