cbcvebase.
CVE-2026-48488
published 2026-06-08

CVE-2026-48488: phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm…

PriorityP413low2.7CVSS 4.0
AVNACLATNPRNUINVCLVINVANSCNSINSANEUCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.18%
8.0th percentile
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 (SHAttered). Version 4.1.4 fixes the issue.

Affected

3 ranges
VendorProductVersion rangeFixed in
phpmyfaqphpmyfaq>= 0 < 4.1.44.1.4
thorstenphpmyfaq< 4.1.44.1.4
thorstenphpmyfaq>= 0 < 4.1.44.1.4
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.