phpVMS has an /importer authorization bypass causing full database wipe — CVE-2026-42569
GitHub · GitHub · CVE-2026-42569
ID
CVE-2026-42569
CVE-2026-42569
Date
Updated
Activity
Source
GitHub
GitHub
Vendor
GitHub
GitHub
Threat
critical
critical
CVSS
9.4
9.4
EPSS
0.0004
0.0004
Summary
# Security Advisory: Unauthenticated Access to Legacy Import Feature **Severity:** Critical **Affected versions:** phpVMS 7.x (up to 7.0.5) **Fixed in:** v7.0.6 **Component:** Legacy importer ## Summary A critical vulnerability in phpVMS 7.x allowed unauthenticated access to a legacy import feature. Although this feature is deprecated, parts of it remained accessible and operational. ## Impact A remote attacker…
Product
composer: nabeel/phpvms
What to do
General, cautious steps (verify details in the official source):
- Prioritize patching or mitigation immediately (treat as actively risky).
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Read the official advisory for exact affected versions and remediation steps.