PatchSiren cyber security CVE debrief
CVE-2026-47366 phpBB CVE debrief
CVE-2026-47366 is a HIGH severity vulnerability in phpBB, with a CVSS score of 7.2. The vulnerability is caused by improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP). This allows an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface. The vulnerability was published on [2026-06-12](https://www.cve.org/CVERecord?id=CVE-2026-47366) and last modified on [2026-06-12](https://nvd.nist.gov/vuln/detail/CVE-2026-47366).
- Vendor: phpBB
- Product: Unknown
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Administrators and users of phpBB are advised to take immediate action to mitigate this vulnerability.
Technical summary
The vulnerability is caused by improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP). This allows an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface.
Defensive priority
HIGH
Recommended defensive actions
- Apply the latest security patches and updates for phpBB.
- Restrict access to the Administration Control Panel (ACP) to authorized personnel only.
- Monitor administrative interface activity for suspicious behavior.
Evidence notes
The vendor and product information is currently unknown, but evidence suggests a connection to phpBB [ref-4].
Official resources
- CVE-2026-47366 CVE record (CVE.org)
- CVE-2026-47366 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2026-47366 was published on 2026-06-12T04:17:05.390Z and last modified on 2026-06-12T16:07:34.850Z.