CVE-2026-48488

Summary

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 (SHAttered). Version 4.1.4 fixes the issue.

Affected Software

VendorProductVersion RangeStatus
thorstenphpMyFAQ< 4.1.4affected

Weaknesses

  • CWE-328: CWE-328: Use of Weak Hash

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References