phpMyFAQ Information Disclosure (CVE-2026-46366) Exposes Restricted Content

The National Vulnerability Database has disclosed CVE-2026-46366, an information disclosure vulnerability in phpMyFAQ versions prior to 4.1.2. This flaw resides in the getIdFromSolutionId() method, which lacks proper permission filtering. Unauthenticated attackers can exploit this by sequentially iterating solution_id values via the /solution_id_{id}.html endpoint.

This attack allows adversaries to enumerate and read the titles of restricted FAQ entries, including those intended only for specific users or groups. The vulnerability leaks sensitive metadata through HTTP redirect Location headers and page canonical links, effectively bypassing access controls. The National Vulnerability Database assigns this a CVSS score of 7.5 (HIGH), indicating a significant risk.

Attackers gain a clear advantage by understanding an organization’s internal knowledge base, even if the full content isn’t directly exposed. This metadata can inform social engineering campaigns, identify critical systems, or reveal internal processes, providing valuable reconnaissance for more sophisticated attacks. Defenders must prioritize patching to prevent this easy win for adversaries.

What This Means For You

  • If your organization uses phpMyFAQ, immediately check your version. Any installation before 4.1.2 is vulnerable.
  • Patch to version 4.1.2 or later without delay to prevent unauthenticated information disclosure of your internal FAQ content.
  • Audit your public-facing phpMyFAQ instances for any unusual access patterns or sequential requests to the `/solution_id_{id}.html` endpoint.
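The audit step above can be scripted against web server access logs. The following is an added example, not code from the advisory or from phpMyFAQ: it flags clients that request many distinct solution IDs in a short window, whatever the response status, since the advisory names both redirect headers and canonical links as leak channels. The function name, the thresholds, the combined log format and the sample lines are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined-log-format prefix; only client, timestamp and path are needed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?:GET|HEAD) (?P<path>\S+)'
)
SOLUTION_RE = re.compile(r'/solution_id_(\d+)\.html(?:\?|$)')

def find_enumeration(lines, min_distinct=5, window=timedelta(minutes=5)):
    """Return {client_ip: sorted solution IDs} for clients that requested at
    least `min_distinct` different IDs within `window` (assumed thresholds)."""
    hits = defaultdict(list)  # ip -> [(timestamp, solution_id)]
    for line in lines:
        m = LOG_RE.match(line)
        s = SOLUTION_RE.search(m["path"]) if m else None
        if not s:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits[m["ip"]].append((ts, int(s.group(1))))

    flagged = {}
    for ip, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the left edge until the span fits inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            ids = {sid for _, sid in events[start:end + 1]}
            if len(ids) >= min_distinct:
                flagged[ip] = sorted(ids | set(flagged.get(ip, [])))
    return flagged

# Constructed sample: one client walking IDs 1000-1007, one ordinary visitor.
SAMPLE_LOG = [
    f'203.0.113.7 - - [15/May/2026:22:30:{i:02d} +0000] '
    f'"GET /solution_id_{1000 + i}.html HTTP/1.1" 302 0'
    for i in range(8)
] + [
    '198.51.100.20 - - [15/May/2026:22:31:10 +0000] "GET /solution_id_1004.html HTTP/1.1" 302 0',
    '198.51.100.20 - - [15/May/2026:22:50:00 +0000] "GET /index.php HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for ip, ids in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {len(ids)} distinct solution IDs ({ids[0]}..{ids[-1]})")
```

Tune `min_distinct` and `window` against your own baseline, since a visitor following a single shared solution link produces the same kind of request.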

Detection Rules

CVE-2026-46366 - phpMyFAQ Information Disclosure via Solution ID Enumeration (level: high; ATT&CK T1190, Initial Access)

Sigma YAML:
title: CVE-2026-46366 - phpMyFAQ Information Disclosure via Solution ID Enumeration
id: scw-2026-05-15-ai-1
status: experimental
level: high
description: |
  Detects attempts to exploit CVE-2026-46366 by accessing restricted phpMyFAQ entries through the '/solution_id_{id}.html' endpoint. The vulnerability allows unauthenticated attackers to enumerate restricted FAQ entries by sequentially iterating solution IDs. Successful exploitation often results in a redirect (HTTP 302) as the application tries to resolve the non-existent or restricted solution ID, leaking metadata in the Location header.
author: SCW Feed Engine (AI-generated)
date: 2026-05-15
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-46366/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/solution_id_'
    cs-uri|endswith:
      - '.html'
    sc-status:
      - 302
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse


Indicators of Compromise

| ID | Type | Indicator |
|---|---|---|
| CVE-2026-46366 | Information Disclosure | phpMyFAQ before 4.1.2 |
| CVE-2026-46366 | Information Disclosure | getIdFromSolutionId() method |
| CVE-2026-46366 | Information Disclosure | /solution_id_{id}.html endpoint |

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 15, 2026 at 22:17 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
