CVE-2026-24420
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-24

Last updated on: 2026-01-28

Assigner: GitHub, Inc.

Description
phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to a incomprehensive permissions check. The presence of a right key is improperly validated as proof of authorization in attachment.php. Additionally, the group and user permission logic contains a flawed conditional expression that may allow unauthorized access. This issue has been fixed in version
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-24
Last Modified
2026-01-28
Generated
2026-06-16
AI Q&A
2026-01-24
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24420
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
phpmyfaq phpmyfaq to 4.0.17 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a broken access control issue in phpMyFAQ version 4.0.16 and below. It allows authenticated users who do not have the 'dlattachment' permission to download FAQ attachments. The problem arises from a flawed permission check in the attachment.php file, where the presence of a permission key is improperly validated using isset(), which returns true even if the permission value is false. This causes the access control logic to rely mainly on group permissions, potentially allowing unauthorized users to access attachments they should not be able to download. [1]

Impact Analysis

The impact of this vulnerability is a confidentiality breach. Unauthorized users who are logged in but lack the proper 'dlattachment' permission can download potentially sensitive FAQ attachments. This could lead to exposure of confidential information contained in those attachments. [1]

Detection Guidance

This vulnerability can be detected by attempting to download FAQ attachments as a logged-in user who does not have the "dlattachment" permission. A proof of concept involves authenticating as a non-admin user without the "dlattachment" right and then requesting the attachment download endpoint. This can be done using curl commands to authenticate and then download the attachment, checking if unauthorized access is possible. [1]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade phpMyFAQ to version 4.0.17 or later, where the issue has been fixed. Until the upgrade can be performed, restrict access to the attachment download endpoint to only authorized users and review user permissions to ensure that unauthorized users do not have access to attachments. [1]

Compliance Impact

This vulnerability leads to unauthorized access to FAQ attachments, causing a confidentiality breach. Such unauthorized disclosure of potentially sensitive information could negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls on access to personal and sensitive data. However, specific compliance impacts are not detailed in the provided resources. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24420. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart