PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-12194 phpipam CVE debrief

CVE-2026-12194 is an authenticated local file inclusion vulnerability in PHPIPAM that allows users with access to the API to execute/include arbitrary PHP files on the web server's file system. The API is not enabled by default on installations. This vulnerability has a CVSS score of 2.3 and a severity of LOW. The CVE was published on 2026-07-04T08:16:20.643Z and has not been modified since then. The vulnerability is related to CWE-98. There is no evidence of ransomware campaign use.

Vendor: phpipam
Product: Unknown
CVSS: LOW 2.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-07-04
Original CVE updated: 2026-07-04
Advisory published: 2026-07-04
Advisory updated: 2026-07-04

Who should care

Administrators and users of PHPIPAM should be aware of this vulnerability, especially those with API access. Although the API is not enabled by default, users should verify their installation configuration and monitor for potential exploitation attempts.

Technical summary

The vulnerability exists in PHPIPAM, an IP address management tool. An authenticated user with API access can execute arbitrary PHP files on the web server's file system. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. The weakness is classified as CWE-98.

Defensive priority

Given the low CVSS score, this vulnerability is not considered high priority. However, administrators should still verify their installation configuration and monitor for potential exploitation attempts.

Recommended defensive actions

  • Verify the API access configuration. The API is not enabled by default, so confirm whether it has been turned on for this installation.
  • Monitor for potential exploitation attempts and implement logging and alerting.
  • Apply patches or updates when available.
  • Restrict API access to necessary users and implement additional authentication mechanisms.
  • Perform regular security audits and vulnerability assessments.
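
One way to act on the monitoring recommendation above is to scan web server access logs for API requests that carry generic file-inclusion (CWE-98) indicators. This is an added example, not code from phpIPAM or from the advisory. It assumes the API is served under /api/ and that logs use the combined format. The advisory does not name the affected endpoint or parameter, so the app id "demo", the parameter "x" and all sample lines are constructed, and the patterns are a heuristic rather than a signature for this CVE.

```python
import re
from urllib.parse import unquote

# Assumptions: API path prefix /api/ and combined-format access logs. The
# advisory names no endpoint or parameter, so these are generic CWE-98
# indicators (heuristics), not a signature for CVE-2026-12194.
API_PREFIX = "/api/"
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
INDICATORS = {
    "path_traversal": re.compile(r"\.\.[/\\]"),
    "stream_wrapper": re.compile(r"\b(?:php|file|data|phar|zip|expect)://", re.I),
    "null_byte": re.compile(r"\x00"),
}

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is also inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return (client, method, target, status, reasons) per suspicious API request."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m or not m.group(3).startswith(API_PREFIX):
            continue  # unparseable line or not an API request
        client, method, target, status = m.groups()
        decoded = decode_fully(target)
        reasons = [name for name, rx in INDICATORS.items() if rx.search(decoded)]
        if reasons:
            findings.append((client, method, target, int(status), reasons))
    return findings

# Constructed sample lines (documentation addresses, hypothetical app id "demo"
# and parameter "x"); not taken from a real system.
SAMPLE = [
    '192.0.2.10 - - [04/Jul/2026:10:00:01 +0000] "GET /api/demo/subnets/7/ HTTP/1.1" 200 512',
    '192.0.2.44 - - [04/Jul/2026:10:02:13 +0000] "GET /api/demo/sections/?x=..%2f..%2ftmp%2fa HTTP/1.1" 500 0',
    '192.0.2.44 - - [04/Jul/2026:10:02:15 +0000] "GET /api/demo/sections/?x=%252e%252e%252ftmp HTTP/1.1" 200 87',
    '192.0.2.44 - - [04/Jul/2026:10:02:19 +0000] "GET /api/demo/sections/?x=file%3A%2F%2F%2Ftmp%2Fa HTTP/1.1" 200 87',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A flagged request that returned a 200 status deserves closer review than one that was rejected, and the same client address appearing in several findings is a useful grouping key for alerting.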

Evidence notes

The CVE record and NVD detail provide information on the vulnerability. The source item URL provides additional context from the NVD database. Two source references provide additional information on the vulnerability and potential exploitation.

This article is AI-assisted and based on the supplied source corpus.