PT-2026-36989 · Phpvms · Phpvms
Peter-Bosch · Published 2026-05-04 · Updated 2026-05-12 · CVE-2026-42569
CVSS v3.1: 9.4 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions
phpVMS versions 7.x through 7.0.5
Description
A critical issue in the legacy importer component allows unauthenticated access to a deprecated import feature. A remote attacker can trigger internal processes to modify or delete application data, which may lead to data loss or service disruption.
Recommendations
Update to version 7.0.6 or later.
As a temporary workaround, comment out the routes associated with the legacy importer to disable access to the feature.
Fix
Missing Authorization
Missing Authentication
Improper Access Control
Affected Products
Phpvms