CVE-2026-47366 HIGH

CVE-2026-47366

Vendor Phpbb
Product phpBB
Weakness CWE-284
Published June 12, 2026
Last update June 12, 2026

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface.

Key dates

02Disclosure timeline

June 12, 2026 CVE published
June 12, 2026 Record updated