Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
phpMyFAQ Missing Authorization Vulnerability - CVE-2026-27836 - Vulnerability Database
phpMyFAQ

phpMyFAQ Missing Authorization Vulnerability - CVE-2026-27836

High
Reference: CVE-2026-27836
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-27836
Title: phpMyFAQ Missing Authorization Vulnerability
Overview:

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18 the WebAuthn prepare endpoint (/api/webauthn/prepare) creates new active user accounts without any authentication CSRF protection captcha or configuration checks. This allows unauthenticated attackers to create unlimited user accounts even when registration is disabled. Version 4.0.18 fixes the issue.